Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-23286 (GCVE-0-2025-23286)
Vulnerability from cvelistv5 – Published: 2025-08-02 22:09 – Updated: 2025-08-04 13:36
VLAI
EPSS
Summary
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | GPU Display Drivers |
Affected:
R535, R570, R575
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T13:36:50.666911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T13:36:56.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GPU Display Drivers",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "R535, R570, R575"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.\u003c/span\u003e"
}
],
"value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-02T22:09:12.667Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23286",
"datePublished": "2025-08-02T22:09:12.667Z",
"dateReserved": "2025-01-14T01:06:25.308Z",
"dateUpdated": "2025-08-04T13:36:56.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-23286",
"date": "2026-06-02",
"epss": "0.00096",
"percentile": "0.26516"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-23286\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2025-08-02T22:15:45.327\",\"lastModified\":\"2025-08-04T15:06:15.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.\"},{\"lang\":\"es\",\"value\":\"El controlador de pantalla GPU NVIDIA para Windows y Linux contiene una vulnerabilidad que permite a un atacante leer memoria no v\u00e1lida. Explotar esta vulnerabilidad podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5670\",\"source\":\"psirt@nvidia.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-23286\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-04T13:36:50.666911Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-04T13:36:53.897Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Information disclosure\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"GPU Display Drivers\", \"versions\": [{\"status\": \"affected\", \"version\": \"R535, R570, R575\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5670\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2025-08-02T22:09:12.667Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-23286\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-04T13:36:56.791Z\", \"dateReserved\": \"2025-01-14T01:06:25.308Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2025-08-02T22:09:12.667Z\", \"assignerShortName\": \"nvidia\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2025:20757-1
Vulnerability from csaf_suse - Published: 2025-09-23 15:49 - Updated: 2025-09-23 15:49Summary
Security update for nvidia-open-driver-G06-signed
Severity
Important
Notes
Title of the patch: Security update for nvidia-open-driver-G06-signed
Description of the patch: This update for nvidia-open-driver-G06-signed fixes the following issues:
Update non-CUDA variant to 580.82.07 (bsc#1249235)
Update non-CUDA variant to 580.76.05 (bsc#1247907)
- get rid of rule of older KMPs not to load nvidia_drm module,
which are still installed in parallel and therefore still
active (bsc#1247923)
Update CUDA variant to 580.65.06, which addresses various security issues:
* CVE-2025-23277 (bsc#1247528)
* CVE-2025-23278 (bsc#1247529)
* CVE-2025-23286 (bsc#1247530)
* CVE-2025-23283 (bsc#1247531)
* CVE-2025-23279 (bsc#1247532)
Update non-CUDA variant to 570.172.08 (bsc#1246327)
- empty pci_ids-570.169; PCI ID hardware Supplements get moved to
gfx repository to package nvidia-open-driver-G06-signed-kmp-meta
(bsc#1246010)
- remove 60-nvidia-$flavor.conf, since driver no longer gets
autoselected without gfx/cuda repositories present and so we no
longer need to disable it by default (bsc#1246010)
Patchnames: SUSE-SLE-Micro-6.1-kernel-140
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nvidia-open-driver-G06-signed",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nvidia-open-driver-G06-signed fixes the following issues:\n\nUpdate non-CUDA variant to 580.82.07 (bsc#1249235)\n\nUpdate non-CUDA variant to 580.76.05 (bsc#1247907)\n\n- get rid of rule of older KMPs not to load nvidia_drm module,\n which are still installed in parallel and therefore still\n active (bsc#1247923)\n\nUpdate CUDA variant to 580.65.06, which addresses various security issues:\n\n * CVE-2025-23277 (bsc#1247528)\n * CVE-2025-23278 (bsc#1247529)\n * CVE-2025-23286 (bsc#1247530)\n * CVE-2025-23283 (bsc#1247531)\n * CVE-2025-23279 (bsc#1247532)\n\nUpdate non-CUDA variant to 570.172.08 (bsc#1246327)\n\n- empty pci_ids-570.169; PCI ID hardware Supplements get moved to\n gfx repository to package nvidia-open-driver-G06-signed-kmp-meta\n (bsc#1246010)\n\n- remove 60-nvidia-$flavor.conf, since driver no longer gets\n autoselected without gfx/cuda repositories present and so we no\n longer need to disable it by default (bsc#1246010)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-140",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20757-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20757-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520757-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20757-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041886.html"
},
{
"category": "self",
"summary": "SUSE Bug 1237208",
"url": "https://bugzilla.suse.com/1237208"
},
{
"category": "self",
"summary": "SUSE Bug 1246010",
"url": "https://bugzilla.suse.com/1246010"
},
{
"category": "self",
"summary": "SUSE Bug 1246327",
"url": "https://bugzilla.suse.com/1246327"
},
{
"category": "self",
"summary": "SUSE Bug 1247528",
"url": "https://bugzilla.suse.com/1247528"
},
{
"category": "self",
"summary": "SUSE Bug 1247529",
"url": "https://bugzilla.suse.com/1247529"
},
{
"category": "self",
"summary": "SUSE Bug 1247530",
"url": "https://bugzilla.suse.com/1247530"
},
{
"category": "self",
"summary": "SUSE Bug 1247531",
"url": "https://bugzilla.suse.com/1247531"
},
{
"category": "self",
"summary": "SUSE Bug 1247532",
"url": "https://bugzilla.suse.com/1247532"
},
{
"category": "self",
"summary": "SUSE Bug 1247907",
"url": "https://bugzilla.suse.com/1247907"
},
{
"category": "self",
"summary": "SUSE Bug 1247923",
"url": "https://bugzilla.suse.com/1247923"
},
{
"category": "self",
"summary": "SUSE Bug 1249235",
"url": "https://bugzilla.suse.com/1249235"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23277 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23278 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23279 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23279/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23286 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23286/"
}
],
"title": "Security update for nvidia-open-driver-G06-signed",
"tracking": {
"current_release_date": "2025-09-23T15:49:58Z",
"generator": {
"date": "2025-09-23T15:49:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20757-1",
"initial_release_date": "2025-09-23T15:49:58Z",
"revision_history": [
{
"date": "2025-09-23T15:49:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"product": {
"name": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"product_id": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"product": {
"name": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"product_id": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"product": {
"name": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"product_id": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"product": {
"name": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"product_id": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64"
},
"product_reference": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
},
"product_reference": "nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64"
},
"product_reference": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
},
"product_reference": "nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-23277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23277"
}
],
"notes": [
{
"category": "general",
"text": "NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23277",
"url": "https://www.suse.com/security/cve/CVE-2025-23277"
},
{
"category": "external",
"summary": "SUSE Bug 1247528 for CVE-2025-23277",
"url": "https://bugzilla.suse.com/1247528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T15:49:58Z",
"details": "important"
}
],
"title": "CVE-2025-23277"
},
{
"cve": "CVE-2025-23278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23278"
}
],
"notes": [
{
"category": "general",
"text": "NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23278",
"url": "https://www.suse.com/security/cve/CVE-2025-23278"
},
{
"category": "external",
"summary": "SUSE Bug 1247529 for CVE-2025-23278",
"url": "https://bugzilla.suse.com/1247529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T15:49:58Z",
"details": "important"
}
],
"title": "CVE-2025-23278"
},
{
"cve": "CVE-2025-23279",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23279"
}
],
"notes": [
{
"category": "general",
"text": "NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23279",
"url": "https://www.suse.com/security/cve/CVE-2025-23279"
},
{
"category": "external",
"summary": "SUSE Bug 1247532 for CVE-2025-23279",
"url": "https://bugzilla.suse.com/1247532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T15:49:58Z",
"details": "important"
}
],
"title": "CVE-2025-23279"
},
{
"cve": "CVE-2025-23283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23283"
}
],
"notes": [
{
"category": "general",
"text": "NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23283",
"url": "https://www.suse.com/security/cve/CVE-2025-23283"
},
{
"category": "external",
"summary": "SUSE Bug 1247531 for CVE-2025-23283",
"url": "https://bugzilla.suse.com/1247531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T15:49:58Z",
"details": "important"
}
],
"title": "CVE-2025-23283"
},
{
"cve": "CVE-2025-23286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23286"
}
],
"notes": [
{
"category": "general",
"text": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23286",
"url": "https://www.suse.com/security/cve/CVE-2025-23286"
},
{
"category": "external",
"summary": "SUSE Bug 1247530 for CVE-2025-23286",
"url": "https://bugzilla.suse.com/1247530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.aarch64",
"SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T15:49:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-23286"
}
]
}
WID-SEC-W-2025-1638
Vulnerability from csaf_certbund - Published: 2025-07-23 22:00 - Updated: 2025-09-17 22:00Summary
Nvidia Treiber: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: NVidia ist ein Hersteller von Grafikkarten.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Nvidia Treibern ausnutzen, um beliebigen Code auszuführen, um seine Privilegien zu erhöhen, sowie Informationen offenzulegen oder zu manipulieren.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- Windows
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Nvidia Treiber R575 <577.00
Nvidia / Treiber
|
R575 <577.00 | ||
|
Dell Computer
Dell
|
cpe:/o:dell:dell_computer:-
|
— | |
|
Nvidia Treiber R570 <573.48
Nvidia / Treiber
|
R570 <573.48 | ||
|
Lenovo Computer
Lenovo
|
cpe:/h:lenovo:computer:-
|
— | |
|
Nvidia Treiber R535 <539.41
Nvidia / Treiber
|
R535 <539.41 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "NVidia ist ein Hersteller von Grafikkarten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Nvidia Treibern ausnutzen, um beliebigen Code auszuf\u00fchren, um seine Privilegien zu erh\u00f6hen, sowie Informationen offenzulegen oder zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1638 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1638.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1638 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1638"
},
{
"category": "external",
"summary": "NVIDIA Security Bulletin vom 2025-07-24",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-241 vom 2025-07-25",
"url": "https://www.dell.com/support/kbdoc/de-de/000332187/dsa-2025-241"
},
{
"category": "external",
"summary": "Lenovo Security Advisory LEN-199808 vom 2025-08-13",
"url": "https://support.lenovo.com/us/en/product_security/LEN-199808"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03062-1 vom 2025-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022387.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03246-1 vom 2025-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022551.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03247-1 vom 2025-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022550.html"
}
],
"source_lang": "en-US",
"title": "Nvidia Treiber: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-17T22:00:00.000+00:00",
"generator": {
"date": "2025-09-18T07:01:38.927+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1638",
"initial_release_date": "2025-07-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-07-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: EUVD-2025-23446, EUVD-2025-23452, EUVD-2025-23447, EUVD-2025-23448, EUVD-2025-23450, EUVD-2025-23451, EUVD-2025-23449, EUVD-2025-23441, EUVD-2025-23442, EUVD-2025-23443, EUVD-2025-23444, EUVD-2025-23445"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von LENOVO aufgenommen"
},
{
"date": "2025-09-03T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell Computer",
"product": {
"name": "Dell Computer",
"product_id": "T036868",
"product_identification_helper": {
"cpe": "cpe:/o:dell:dell_computer:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Lenovo Computer",
"product": {
"name": "Lenovo Computer",
"product_id": "T026557",
"product_identification_helper": {
"cpe": "cpe:/h:lenovo:computer:-"
}
}
}
],
"category": "vendor",
"name": "Lenovo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "R575 \u003c577.00",
"product": {
"name": "Nvidia Treiber R575 \u003c577.00",
"product_id": "T045648"
}
},
{
"category": "product_version",
"name": "R575 577.00",
"product": {
"name": "Nvidia Treiber R575 577.00",
"product_id": "T045648-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:577.00::r575"
}
}
},
{
"category": "product_version_range",
"name": "R570 \u003c573.48",
"product": {
"name": "Nvidia Treiber R570 \u003c573.48",
"product_id": "T045649"
}
},
{
"category": "product_version",
"name": "R570 573.48",
"product": {
"name": "Nvidia Treiber R570 573.48",
"product_id": "T045649-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:573.48::r570"
}
}
},
{
"category": "product_version_range",
"name": "R535 \u003c539.41",
"product": {
"name": "Nvidia Treiber R535 \u003c539.41",
"product_id": "T045650"
}
},
{
"category": "product_version",
"name": "R535 539.41",
"product": {
"name": "Nvidia Treiber R535 539.41",
"product_id": "T045650-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nvidia:display_driver:539.41::r535"
}
}
}
],
"category": "product_name",
"name": "Treiber"
}
],
"category": "vendor",
"name": "Nvidia"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-23276",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23276"
},
{
"cve": "CVE-2025-23277",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23277"
},
{
"cve": "CVE-2025-23278",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23278"
},
{
"cve": "CVE-2025-23279",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23279"
},
{
"cve": "CVE-2025-23281",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23281"
},
{
"cve": "CVE-2025-23283",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23283"
},
{
"cve": "CVE-2025-23284",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23284"
},
{
"cve": "CVE-2025-23285",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23285"
},
{
"cve": "CVE-2025-23286",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23286"
},
{
"cve": "CVE-2025-23287",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23287"
},
{
"cve": "CVE-2025-23288",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23288"
},
{
"cve": "CVE-2025-23290",
"product_status": {
"known_affected": [
"T002207",
"T045648",
"T036868",
"T045649",
"T026557",
"T045650"
]
},
"release_date": "2025-07-23T22:00:00.000+00:00",
"title": "CVE-2025-23290"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…