Overview of the Security Vulnerabilities

Recent findings have revealed significant security vulnerabilities affecting Nvidia graphics drivers on Linux systems. These issues pose a serious risk as they could potentially allow malicious actors to execute harmful code on affected computers.

Details of the Vulnerabilities

Three notable security flaws have been identified, with the most critical one categorized as CVE-2025-23244. This vulnerability is described as having a 'high' severity level and enables an attacker to exploit the driver without requiring authentication. If successfully executed, this could lead to the complete compromise of the system.

Currently, there is limited information regarding the specific methods of attack or whether any incidents have already occurred. Additionally, it remains unclear how users can detect if their systems have been compromised.

Additional Risks

In addition to the primary vulnerability, two other weaknesses, CVE-2025-23245 and CVE-2025-23246, rated as 'medium' severity, also affect both Linux and Windows platforms. These vulnerabilities are linked to the virtual GPU (vGPU) software, specifically the Virtual GPU Manager (vGPU plugin). A successful attack could lead to Denial-of-Service (DoS) conditions, which typically result in software crashes and service interruptions.

Recommended Actions

It is highly recommended that users with Nvidia graphics cards update their GPU drivers promptly to mitigate these security risks. Nvidia has released patches to address these vulnerabilities in several driver versions:

• Linux GPU Drivers:
  • GeForce: 575.51.02, 570.133.07, 550.163.01, 535.247.01
  • RTX, Quadro, NVS: 575.51.02, 570.133.07, 550.163.01, 535.247.01
  • Tesla: 570.133.20, 550.163.01, 535.247.01
• vGPU Software:
  • Linux: 570.133.20, 550.163.01, 535.247.01, 570.133.10, 550.163.02, 535.247.02
  • Azure, Windows Server: 572.83
  • Cloud Gaming on Linux: 570.133.20, 570.133.10

Clarification on Windows Vulnerabilities

There has been some confusion regarding the vulnerabilities affecting Windows. While Nvidia's communication suggested that the drivers for Windows were also at risk, it has since been clarified that only the vGPU software on Windows is affected. This clarification aims to prevent misunderstandings among users concerning the security status of their systems.

Conclusion

Users are urged to stay vigilant and ensure their graphics drivers are up to date to protect against these identified vulnerabilities. Regular updates are essential in maintaining the security and integrity of computer systems, particularly when dealing with known threats.