CVE-2025-23282

Summary

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAVirtual GPU Manager580.82.02(All versions up to and including the August 2025 release)affected
NVIDIAVirtual GPU Manager580.82.02(All versions prior to and including vGPU 19.1)affected
NVIDIAVirtual GPU Manager570.172.07(All versions prior to and including vGPU 18.4)affected
NVIDIAVirtual GPU Manager535.261.04(All versions prior to and including vGPU 16.11)affected
NVIDIAGeForceAll driver versions prior to 580.95.05affected
NVIDIAGeForceAll driver versions prior to 570.195.03affected
NVIDIAGeForceAll driver versions prior to 535.274.02affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 580.95.05affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 570.195.03affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 535.274.02affected
NVIDIATeslaAll driver versions prior to 580.95.05affected
NVIDIATeslaAll driver versions prior to 570.195.03affected
NVIDIATeslaAll driver versions prior to 535.274.02affected
NVIDIAGuest driver580.82.07(All versions prior to and including vGPU 19.1)affected
NVIDIAGuest driver580.82.07(All versions up to and including the August 2025 release)affected
NVIDIAGuest driver570.172.08(All versions prior to and including vGPU 18.4)affected
NVIDIAGuest driver535.261.03(All versions prior to and including vGPU 16.11)affected

Weaknesses

  • CWE-415: CWE-415 Double Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References