SB2025101448 - Multiple vulnerabilities in NVIDIA Linux GPU Display Driver

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025101448

SB2025101448 - Multiple vulnerabilities in NVIDIA Linux GPU Display Driver

Published: October 14, 2025

Security Bulletin ID SB2025101448
Severity
Low
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) NULL pointer dereference (CVE-ID: CVE-2025-23332)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in a kernel module. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


2) NULL pointer dereference (CVE-ID: CVE-2025-23330)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2025-23300)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the kernel driver. A local user can perform a denial of service (DoS) attack.


4) Race condition (CVE-ID: CVE-2025-23282)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


5) Use-after-free (CVE-ID: CVE-2025-23280)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local user can trigger memory corruption and execute arbitrary code with elevated privileges. 


6) Out-of-bounds read (CVE-ID: CVE-2025-23345)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in a video decoder. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


Remediation

Install update from vendor's website.

References