CVE-2025-33219

Summary

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAGeForceAll driver versions prior to 590.48.01affected
NVIDIAGeForceAll driver versions prior to 580.126.09affected
NVIDIAGeForceAll driver versions prior to 570.211.01affected
NVIDIAGeForceAll driver versions prior to 535.288.01affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 590.48.01affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 580.126.09affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 570.211.01affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 535.288.01affected
NVIDIATeslaAll driver versions prior to 590.48.01affected
NVIDIATeslaAll driver versions prior to 580.126.09affected
NVIDIATeslaAll driver versions prior to 570.211.01affected
NVIDIATeslaAll driver versions prior to 535.288.01affected
NVIDIAGuest driver580.105.08(All versions prior to and including vGPU software 19.3)affected
NVIDIAGuest driver570.195.03(All versions prior to and including vGPU software 18.5)affected
NVIDIAGuest driver535.274.02(All versions prior to and including vGPU software 16.12)affected
NVIDIAVirtual GPU Manager580.105.06(All versions prior to and including vGPU software 19.3)affected
NVIDIAVirtual GPU Manager570.195.02(All versions prior to and including vGPU software 18.5)affected
NVIDIAVirtual GPU Manager535.274.03(All versions prior to and including vGPU software 16.12)affected
NVIDIAGuest driver580.105.08(All versions up to and including the November 2025 release)affected
NVIDIAVirtual GPU Manager580.105.06(All versions up to and including the November 2025 release)affected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References