CVE-2025-23280 - Vulnerability Details - OpenCVE

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-23280
https://nvidia.custhelp.com/app/answers/detail/a_id/5703
https://www.cve.org/CVERecord?id=CVE-2025-23280

History

Fri, 10 Oct 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Weaknesses		CWE-416
References		https://nvd.nist.gov/vuln/detail/CVE-2025-23280 https://nvidia.custhelp.com/app/answers/detail/a_id/5703 https://www.cve.org/CVERecord?id=CVE-2025-23280
Metrics		cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2025-10-10T17:41:13.886Z

Updated: 2025-10-10T20:29:44.228Z

Reserved: 2025-01-14T01:06:24.333Z

Link: CVE-2025-23280

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-10T18:15:39.013

Modified: 2025-10-10T18:15:39.013

Link: CVE-2025-23280

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23280", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-01-14T01:06:24.333Z", "datePublished": "2025-10-10T17:41:13.886Z", "dateUpdated": "2025-10-10T20:29:44.228Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux(R580)"], "product": "GeForce", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570)"], "product": "GeForce", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535)"], "product": "GeForce", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580)"], "product": "NVIDIA RTX, Quadro, NVS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570)"], "product": "NVIDIA RTX, Quadro, NVS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535)"], "product": "NVIDIA RTX, Quadro, NVS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580)"], "product": "Tesla", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 580.95.05"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570)"], "product": "Tesla", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 570.195.03"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535)"], "product": "Tesla", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All driver versions prior to 535.274.02"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580 vGPU 19)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "580.82.07(All versions prior to and including vGPU 19.1)"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R580 Gaming)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "580.82.07(All versions up to and including the August 2025 release)"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R570 vGPU 18)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "570.172.08(All versions prior to and including vGPU 18.4)"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux(R535 vGPU 16)"], "product": "Guest driver", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "535.261.03(All versions prior to and including vGPU 16.11)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."}], "value": "NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code Execution, Escalation of Privileges, Data Tampering, Information Disclosure, Denial of Service"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-10-10T17:41:13.886Z"}, "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23280"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23280"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5703"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-10T20:29:36.380862Z", "id": "CVE-2025-23280", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-10T20:29:44.228Z"}}]}}