Nvidia Addresses Critical Security Vulnerabilities in GPU Drivers

Nvidia has announced the release of critical security updates to address significant vulnerabilities found in its GPU drivers for both Linux and Windows operating systems. Users of Nvidia graphics cards are strongly advised to ensure that they have the latest GPU drivers and vGPU software installed to mitigate the risk of potential attacks.

According to the security advisories, attackers could exploit these vulnerabilities to compromise systems running Nvidia's graphics drivers. Most of the identified weaknesses are rated high, among them CVE-2025-23276 and CVE-2025-23277.

An attacker who successfully exploits the first vulnerability (CVE-2025-23276) could escalate their user privileges and execute arbitrary code, which could ultimately lead to complete control over the affected system. The second vulnerability (CVE-2025-23277) may result in data leaks or denial-of-service (DoS) conditions, potentially causing system crashes.

As of now, there have been no reported incidents of these vulnerabilities being actively exploited. Even so, system administrators should respond promptly by installing the patched versions of the drivers and software.

In addition, vulnerabilities have been identified in Nvidia's vGPU software, with two specific weaknesses rated high (CVE-2025-23283 and CVE-2025-23284). These vulnerabilities are particularly concerning in the context of Linux hypervisors, where they could allow for the execution of malicious code, manipulation of data, and crashes of services.

Nvidia's development team has confirmed that the latest Windows GPU driver versions 539.41, 573.48, and 577.00 have been patched to protect against these threats. For Linux, the updated versions include 535.261.03, 570.172.08, and 575.64.05. The vGPU software has also been secured in versions 6.11 and 18.4.
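For administrators checking a Linux fleet against the fixed versions listed above, the following is an added example, not code from Nvidia or the advisory. It assumes the major version number identifies the driver branch, and the host names and installed versions in the inventory are constructed.

```python
# Fixed Linux driver versions as listed in the article, keyed by branch.
# Assumption: the major version number identifies the driver branch.
FIXED_LINUX = {
    535: (535, 261, 3),
    570: (570, 172, 8),
    575: (575, 64, 5),
}

def parse_version(text):
    """Turn '535.261.03' into (535, 261, 3); return None if malformed."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '550.120' to three fields

def classify(version_text):
    """Return 'patched', 'needs-update', 'unknown-branch' or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED_LINUX.get(version[0])
    if fixed is None:
        # Branch not named in the article: flag for manual review, do not guess.
        return "unknown-branch"
    return "patched" if version >= fixed else "needs-update"

def audit(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {h: s for h, s in results.items() if s != "patched"}

# Constructed inventory: host name -> driver version string as reported by
# `nvidia-smi --query-gpu=driver_version --format=csv,noheader`.
SAMPLE_INVENTORY = {
    "gpu-node-01": "535.261.03",
    "gpu-node-02": "570.100.00",
    "gpu-node-03": "575.64.05",
    "gpu-node-04": "550.120",
    "gpu-node-05": "N/A",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts on a branch the article does not list are reported as `unknown-branch` so they can be checked against Nvidia's advisory by hand.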

Recent months have seen increased scrutiny of Nvidia's security practices, especially following the discovery of vulnerabilities in the company's Triton Inference Server during the Pwn2Own hacking competition in May 2025. The continued attention underlines the importance of keeping software up to date to safeguard against potential threats.