CVE-2014-1710 - OpenCVE

The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome Os

Configuration 1 [-]

OR	cpe:2.3:o:google:chrome_os::::::::
	cpe:2.3:o:google:chrome_os:33.0.1750.2:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.5:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.16:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.29:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.51:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.58:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.70:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.93:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.112:::::::*
	cpe:2.3:o:google:chrome_os:33.0.1750.124:::::::*

No data.

References

Link	Providers
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html
https://code.google.com/p/chromium/issues/detail?id=351852
https://src.chromium.org/viewvc/chrome?revision=256723&view=revision
https://src.chromium.org/viewvc/chrome?revision=256918&view=revision

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2014-03-16T10:00:00

Updated: 2024-08-06T09:50:10.611Z

Reserved: 2014-01-29T00:00:00

Link: CVE-2014-1710

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-03-16T14:06:45.570

Modified: 2023-11-07T02:19:06.890

Link: CVE-2014-1710

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-03-16T02:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/chrome?revision=256918&view=revision"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/chrome?revision=256723&view=revision"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=351852"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-1710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://src.chromium.org/viewvc/chrome?revision=256918&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/chrome?revision=256918&view=revision"}, {"name": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html"}, {"name": "https://src.chromium.org/viewvc/chrome?revision=256723&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/chrome?revision=256723&view=revision"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=351852", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=351852"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:50:10.611Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://src.chromium.org/viewvc/chrome?revision=256918&view=revision"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://src.chromium.org/viewvc/chrome?revision=256723&view=revision"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=351852"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-1710", "datePublished": "2014-03-16T10:00:00", "dateReserved": "2014-01-29T00:00:00", "dateUpdated": "2024-08-06T09:50:10.611Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "439AB7FE-C97B-437D-8B63-5C578083F888", "versionEndIncluding": "33.0.1750.149", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.2:*:*:*:*:*:*:*", "matchCriteriaId": "80F12F19-8FA7-4A85-9ADE-59E9E9EE927B", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.5:*:*:*:*:*:*:*", "matchCriteriaId": "DE878C97-75CD-47E7-A986-646158D180A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.16:*:*:*:*:*:*:*", "matchCriteriaId": "7D8AFB09-4DE2-44ED-BBAA-9770FDE16FF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.29:*:*:*:*:*:*:*", "matchCriteriaId": "D2C579B9-1410-471F-98BA-DC050DF8BFED", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.51:*:*:*:*:*:*:*", "matchCriteriaId": "545E151A-1915-4E8F-823B-C7DA2EE5D9C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.58:*:*:*:*:*:*:*", "matchCriteriaId": "2036F2BE-4349-4034-8717-1F9EF208E482", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.70:*:*:*:*:*:*:*", "matchCriteriaId": "B9FE324C-4A7D-4610-8106-9DCE8327058D", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.93:*:*:*:*:*:*:*", "matchCriteriaId": "65B2F712-3BD9-492E-AF21-66911756750C", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.112:*:*:*:*:*:*:*", "matchCriteriaId": "62E9D29C-CFF9-45C2-B063-5F29A368B43F", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:33.0.1750.124:*:*:*:*:*:*:*", "matchCriteriaId": "DA0C06F9-5739-4AF3-BEA3-AC404DE944BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors."}, {"lang": "es", "value": "La funci\u00f3n AsyncPixelTransfersCompletedQuery::End en gpu/command_buffer/service/query_manager.cc en Google Chrome, utilizado en Google Chrome OS anterior a 33.0.1750.152, no comprueba si cierta posici\u00f3n est\u00e1 dentro de los l\u00edmites de un segmento de memoria compartida, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria de comando de buffer de GPU) o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2014-1710", "lastModified": "2023-11-07T02:19:06.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-16T14:06:45.570", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=351852"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/chrome?revision=256723&view=revision"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/chrome?revision=256918&view=revision"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}