CVE-2014-8298
Severity CVSS v4.0:
Pending analysis
Type:
CWE-19
Data Handling
Publication date:
10/12/2014
Last modified:
12/04/2025
Description
The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nvidia:gpu_driver:r304.125:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r331.00:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r331.112:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r340.00:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r340.65:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r343.00:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r343.36:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r346.00:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:r346.22:*:*:*:*:linux_kernel:*:* | ||
| cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:linux_kernel:tegra:* | r21.2 (including) | |
| cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:chrome_os:*:* | r39 (including) |
To consult the complete list of CPE names with products and versions, see this page