CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
5.1%
November 9, 2018 This notice is a response to the October 2018 publication “Rendered Insecure: GPU Side Channel Attacks are Practical” regarding a software security issue in the NVIDIA GPU Graphics Driver. NVIDIA worked closely with the researchers and evaluated the issue following the Coordinated Vulnerability Disclosure process. NVIDIA assessed this issue with a base CVSS V3 score of 2.2 (low). NVIDIA will address the issue with a driver release and post a security bulletin on the NVIDIA Product Security page.
NVIDIA has released updated drivers to address this issue. For more information, see Security Bulletin: NVIDIA GPU Display Driver - February 2019.
CVE | Description | Base Score | CVSS V3 Vector |
---|---|---|---|
CVE‑2018‑6260 | NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector. | 2.2 | AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N |
Visit the NVIDIA Product Security page to
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
5.1%