CVE-2025-33221

Summary

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.

Affected Software

VendorProductVersion RangeStatus
NVIDIAGeForceAll driver versions prior to 595.71.05affected
NVIDIAGeForceAll driver versions prior to 580.159.03affected
NVIDIAGeForceAll driver versions prior to 535.309.01affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 595.71.05affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 580.159.03affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 535.309.01affected
NVIDIATeslaAll driver versions prior to 595.71.05affected
NVIDIATeslaAll driver versions prior to 580.159.03affected
NVIDIATeslaAll driver versions prior to 535.309.01affected
NVIDIAGuest driver595.58.03(All versions prior to and including vGPU 20.0)affected
NVIDIAGuest driver580.126.09(All versions prior to and including vGPU 19.4)affected
NVIDIAGuest driver535.288.01(All versions prior to and including vGPU 16.13)affected
NVIDIAGuest driver595.58.03(All versions up to and including the March 2026 release)affected
NVIDIAGeForceAll driver versions prior to 596.36affected
NVIDIAGeForceAll driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 596.36affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 582.53affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 539.72affected
NVIDIATeslaAll driver versions prior to 596.36affected
NVIDIATeslaAll driver versions prior to 582.53affected
NVIDIATeslaAll driver versions prior to 539.72affected
NVIDIAGuest driver595.97(All versions prior to and including vGPU 20.0)affected
NVIDIAGuest driver582.16(All versions prior to and including vGPU 19.4)affected
NVIDIAGuest driver539.64(All versions prior to and including vGPU 16.13)affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References