The GLX indirect rendering support supplied on NVIDIA products
is subject to the recently disclosed X.Org vulnerabilities
(CVE-2014-8093, CVE-2014-8098) as well as internally identified
vulnerabilities (CVE-2014-8298).
Depending on how it is configured, the X server typically runs
with raised privileges, and listens for GLX indirect rendering
protocol requests from a local socket and potentially a TCP/IP
port. The vulnerabilities could be exploited in a way that
causes the X server to access uninitialized memory or overwrite
arbitrary memory in the X server process. This can cause a
denial of service (e.g., an X server segmentation fault), or
could be exploited to achieve arbitrary code execution.