CVE-2025-23280

Summary

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAGeForceAll driver versions prior to 580.95.05affected
NVIDIAGeForceAll driver versions prior to 570.195.03affected
NVIDIAGeForceAll driver versions prior to 535.274.02affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 580.95.05affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 570.195.03affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 535.274.02affected
NVIDIATeslaAll driver versions prior to 580.95.05affected
NVIDIATeslaAll driver versions prior to 570.195.03affected
NVIDIATeslaAll driver versions prior to 535.274.02affected
NVIDIAGuest driver580.82.07(All versions prior to and including vGPU 19.1)affected
NVIDIAGuest driver580.82.07(All versions up to and including the August 2025 release)affected
NVIDIAGuest driver570.172.08(All versions prior to and including vGPU 18.4)affected
NVIDIAGuest driver535.261.03(All versions prior to and including vGPU 16.11)affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References