CVE-2018-6260

{"id": "CVE-2018-6260", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-11-13T17:29:00.187", "references": [{"url": "http://support.lenovo.com/us/en/solutions/LEN-26250", "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4738", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4772", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://usn.ubuntu.com/3904-1/", "source": "psirt@nvidia.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector."}, {"lang": "es", "value": "El controlador de gr\u00e1ficos de NVIDIA contiene una vulnerabilidad que podr\u00eda permitir el acceso a datos de la aplicaci\u00f3n procesados en la GPU mediante un canal lateral expuesto por los contadores de rendimiento de la GPU. Se requiere acceso local. Este no es un vector de ataque de red o remoto."}], "lastModified": "2019-04-18T19:29:02.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F6B8C06-F379-49FB-B0F2-097752154708"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@nvidia.com"}