Arch Linux Security Advisory ASA-201412-11 ========================================== Severity: Critical Date : 2014-12-12 CVE-ID : CVE-2014-8091 CVE-2014-8098 CVE-2014-8298 Package : nvidia-340xx nvidia-340xx-lts Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ======= The packages nvidia-340xx and nvidia-340xx-lts before version 340.65-1 are vulnerable to arbitrary code execution or denial of service. Resolution ========== Upgrade to 340.65-2. # pacman -Syu "nvidia-340xx>=340.65-1" # pacman -Syu "nvidia-340xx-lts>=340.65-1" The problems have been fixed upstream in version 340.65. Workaround ========== None. Description =========== It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Impact ====== An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. References ========== https://nvidia.custhelp.com/app/answers/detail/a_id/3610 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8091 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8098 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8298