CVE-2023-25515

CWE-822 CWE-9235 documents5 sources

Severity

7.6HIGH

EPSS

0.1%

top 82.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia GPU Display Driver Nvidia Virtual GPU +1 more

Timeline

PublishedJun 23

Description

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5nvidia/gpu_display_driver_for_windows_and_linuxAll versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release

▶NVDnvidia/gpu_display_driver470 — 474.44+9

▶Debiannvidia-graphics-drivers< 470.199.02-1+3

▶Debiannvidia-graphics-drivers-tesla< 525.125.06-1~deb12u1

▶Debiannvidia-graphics-drivers-tesla-450< 450.248.02-1~deb11u1

🔴Vulnerability Details

CVEList

CVE-2023-25515: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution,↗2023-06-23

▶

OSV

CVE-2023-25515: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution,↗2023-06-23

▶

GHSA

GHSA-wh8r-hxhg-w5g2: NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical acc↗2023-06-23

▶

📋Vendor Advisories

Debian

CVE-2023-25515: nvidia-graphics-drivers - NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where u...↗2023

▶