VIR Vulnerability Intelligence Relay

CVE-2014-8298

high
Published 2014-12-10 · Modified 2026-05-06
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-8298

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://nvidia.custhelp.com/app/answers/detail/a_id/3610

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed340.65-1
debian debianbullseyefixed340.65-1
debian debianforkyfixed340.65-1
debian debiansidfixed340.65-1
debian debiantrixiefixed340.65-1

Application impact
VendorProductVersionsFixed
nvidia nvidiagpu_driverr304.125
nvidia nvidiagpu_driverr331.00
nvidia nvidiagpu_driverr331.112
nvidia nvidiagpu_driverr340.00
nvidia nvidiagpu_driverr340.65
nvidia nvidiagpu_driverr343.00
nvidia nvidiagpu_driverr343.36
nvidia nvidiagpu_driverr346.00
nvidia nvidiagpu_driverr346.22
nvidia nvidiagpu_driver{"endIncluding":"r21.2"}
nvidia nvidiagpu_driver{"endIncluding":"r39"}

References

CWEs

CWE-19

Verify integrity in audit chain (admin only). AS-IS.