CVE-2025-23282Double Free in Nvidia Geforce

CWE-415Double Free6 documents6 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 96.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Nvidia GeforceNvidia Guest DriverNvidia Tesla+1 more
Timeline
PublishedOct 10

Description

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

CVEListV5nvidia/guest_driver4 versions+3
CVEListV5nvidia/teslaAll driver versions prior to 535.274.02, All driver versions prior to 570.195.03, All driver versions prior to 580.95.05+2
CVEListV5nvidia/geforceAll driver versions prior to 535.274.02, All driver versions prior to 570.195.03, All driver versions prior to 580.95.05+2
CVEListV5nvidia/virtual_gpu_manager4 versions+3

🔴Vulnerability Details

3
OSV
CVE-2025-23282: NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges2025-10-10
CVEList
CVE-2025-23282: NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges2025-10-10
GHSA
GHSA-r7fp-qp23-pmqp: NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges2025-10-10

📋Vendor Advisories

2
Red Hat
kvm: NVIDIA Display Driver vulnerability due to race condition leading to escalate privileges2025-10-10
Debian
CVE-2025-23282: nvidia-graphics-drivers - NVIDIA Display Driver for Linux contains a vulnerability where an attacker might...2025
CVE-2025-23282 — Double Free in Nvidia Geforce | cvebase