CVE-2025-23282 - Vulnerability Details - OpenCVE

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-23282
https://nvidia.custhelp.com/app/answers/detail/a_id/5703
https://www.cve.org/CVERecord?id=CVE-2025-23282

History

Fri, 10 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 10 Oct 2025 18:00:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Weaknesses		CWE-415
References		https://nvd.nist.gov/vuln/detail/CVE-2025-23282 https://nvidia.custhelp.com/app/answers/detail/a_id/5703 https://www.cve.org/CVERecord?id=CVE-2025-23282
Metrics		cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2025-10-10T17:41:55.131Z

Updated: 2025-10-10T19:14:37.926Z

Reserved: 2025-01-14T01:06:25.307Z

Link: CVE-2025-23282

Vulnrichment

Updated: 2025-10-10T19:14:33.785Z

NVD

Status : Received

Published: 2025-10-10T18:15:39.197

Modified: 2025-10-10T18:15:39.197

Link: CVE-2025-23282

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23282", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-01-14T01:06:25.307Z", "datePublished": "2025-10-10T17:41:55.131Z", "dateUpdated": "2025-10-10T19:14:37.926Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Red Hat Enterprise Linux KVM", "VMware vSphere(R580 Gaming)"], "product": "Virtual GPU Manager", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "580.82.02(All versions up to and including the August 2025 release)"}]}, {"defaultStatus": "unaffected", "platforms": ["XenServer", "VMware vSphere", "Red Hat Enterprise Linux KVM", "Ubuntu(R580 vGPU 19)"], "product": "Virtual GPU Manager", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "580.82.02(All versions prior to and including vGPU 19.1)"}]}, {"defaultStatus": "unaffected", "platforms": ["XenServer", "VMware vSphere", "Red Hat Enterprise Linux KVM", "Ubuntu(R570 vGPU 18)"], "product": "Virtual GPU Manager", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "570.172.07(All versions prior to and including vGPU 18.4)"}]}, {"defaultStatus": "unaffected", "platforms": ["XenServer", "VMware vSphere", "Red Hat Enterprise Linux KVM", "Ubuntu(R535 vGPU 16)"], "product": "Virtual GPU Manager", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "535.261.04(All versions prior to and including vGPU 16.11)"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580)"], "product": "GeForce", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570)"], "product": "GeForce", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535)"], "product": "GeForce", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580)"], "product": "NVIDIA RTX, Quadro, NVS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570)"], "product": "NVIDIA RTX, Quadro, NVS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535)"], "product": "NVIDIA RTX, Quadro, NVS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580)"], "product": "Tesla", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570)"], "product": "Tesla", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535)"], "product": "Tesla", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580 vGPU 19)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "580.82.07(All versions prior to and including vGPU 19.1)"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580 Gaming)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "580.82.07(All versions up to and including the August 2025 release)"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570 vGPU 18)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "570.172.08(All versions prior to and including vGPU 18.4)"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535 vGPU 16)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "535.261.03(All versions prior to and including vGPU 16.11)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."}], "value": "NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Escalation of Privileges, Denial of Service, Code Execution, Data Tampering, Information Disclosure"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-415", "description": "CWE-415 Double Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-10-10T17:42:48.106Z"}, "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23282"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23282"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5703"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-10T19:14:28.021288Z", "id": "CVE-2025-23282", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T19:14:37.926Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-10T19:14:28.021288Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T19:14:33.785Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Escalation of Privileges, Denial of Service, Code Execution, Data Tampering, Information Disclosure"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Virtual GPU Manager", "versions": [{"status": "affected", "version": "580.82.02(All versions up to and including the August 2025 release)"}], "platforms": ["Red Hat Enterprise Linux KVM", "VMware vSphere(R580 Gaming)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Virtual GPU Manager", "versions": [{"status": "affected", "version": "580.82.02(All versions prior to and including vGPU 19.1)"}], "platforms": ["XenServer", "VMware vSphere", "Red Hat Enterprise Linux KVM", "Ubuntu(R580 vGPU 19)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Virtual GPU Manager", "versions": [{"status": "affected", "version": "570.172.07(All versions prior to and including vGPU 18.4)"}], "platforms": ["XenServer", "VMware vSphere", "Red Hat Enterprise Linux KVM", "Ubuntu(R570 vGPU 18)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Virtual GPU Manager", "versions": [{"status": "affected", "version": "535.261.04(All versions prior to and including vGPU 16.11)"}], "platforms": ["XenServer", "VMware vSphere", "Red Hat Enterprise Linux KVM", "Ubuntu(R535 vGPU 16)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "GeForce", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}], "platforms": ["Linux(R580)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "GeForce", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}], "platforms": ["Linux(R570)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "GeForce", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}], "platforms": ["Linux(R535)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "NVIDIA RTX, Quadro, NVS", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}], "platforms": ["Linux(R580)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "NVIDIA RTX, Quadro, NVS", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}], "platforms": ["Linux(R570)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "NVIDIA RTX, Quadro, NVS", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}], "platforms": ["Linux(R535)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Tesla", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}], "platforms": ["Linux(R580)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Tesla", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}], "platforms": ["Linux(R570)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Tesla", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}], "platforms": ["Linux(R535)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Guest driver", "versions": [{"status": "affected", "version": "580.82.07(All versions prior to and including vGPU 19.1)"}], "platforms": ["Linux(R580 vGPU 19)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Guest driver", "versions": [{"status": "affected", "version": "580.82.07(All versions up to and including the August 2025 release)"}], "platforms": ["Linux(R580 Gaming)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Guest driver", "versions": [{"status": "affected", "version": "570.172.08(All versions prior to and including vGPU 18.4)"}], "platforms": ["Linux(R570 vGPU 18)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Guest driver", "versions": [{"status": "affected", "version": "535.261.03(All versions prior to and including vGPU 16.11)"}], "platforms": ["Linux(R535 vGPU 16)"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23282"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23282"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5703"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415 Double Free"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-10-10T17:42:48.106Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23282", "state": "PUBLISHED", "dateUpdated": "2025-10-10T19:14:37.926Z", "dateReserved": "2025-01-14T01:06:25.307Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2025-10-10T17:41:55.131Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}