Arch Linux Security Advisory ASA-201412-10 ========================================== Severity: Critical Date : 2014-12-12 CVE-ID : CVE-2014-8091 CVE-2014-8098 CVE-2014-8298 Package : nvidia-304xx nvidia-304xx-lts Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE-2014 Summary ======= The packages nvidia-304xx and nvidia-304xx-lts before version 304.125-1 are vulnerable to arbitrary code execution or denial of service. Resolution ========== Upgrade to 304.125-2. # pacman -Syu "nvidia-304xx>=304.125-1" # pacman -Syu "nvidia-304xx-lts>=304.125-1" The problems have been fixed upstream in version 304.125. Workaround ========== None. Description =========== It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. Impact ====== An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation. References ========== https://nvidia.custhelp.com/app/answers/detail/a_id/3610 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8091 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8098 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8298