Bug#1118679: nvidia-graphics-drivers: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345

Andreas Beckmann anbe at debian.org
Thu Oct 23 21:14:20 BST 2025 

Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: tag -7 + wontfix
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -9 555.42.02-1
Control: found -9 560.28.03-1
Control: found -9 565.57.01-1
Control: found -9 570.86.16-1
Control: found -9 575.51.02-1
Control: found -9 580.65.06-1
Control: reassign -10 src:nvidia-graphics-drivers-tesla-535 535.216.01-1
Control: retitle -10 nvidia-graphics-drivers-tesla-535: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: reassign -11 src:nvidia-graphics-drivers-tesla-550 550.54.15-1
Control: retitle -11 nvidia-graphics-drivers-tesla-550: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345
Control: tag -11 + wontfix
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: found -1 555.42.02-1
Control: found -1 560.28.03-1
Control: found -1 565.57.01-1
Control: found -1 570.86.16-1
Control: found -1 575.51.02-1
Control: found -1 580.65.06-1


https://nvidia.custhelp.com/app/answers/detail/a_id/5703

CVE-2025-23309	NVIDIA Display Driver contains a vulnerability where an
uncontrolled DLL loading path might lead to arbitrary denial of service,
escalation of privileges, code execution, and data tampering.

CVE-2025-23347	NVIDIA Project G-Assist contains a vulnerability where
an attacker might be able to escalate permissions. A successful exploit
of this vulnerability might lead to code execution, escalation of
privileges, data tampering, denial of service, and information
disclosure.

CVE-2025-23280	NVIDIA Display Driver for Linux contains a vulnerability
where an attacker could cause a use-after-free. A successful exploit of
this vulnerability might lead to code execution, escalation of
privileges, data tampering, denial of service, and information
disclosure.

CVE-2025-23282	NVIDIA Display Driver for Linux contains a vulnerability
where an attacker might be able to use a race condition to escalate
privileges. A successful exploit of this vulnerability might lead to
code execution, escalation of privileges, data tampering, denial of
service, and information disclosure.

CVE-2025-23300 NVIDIA Display Driver for Linux contains a vulnerability
in the kernel driver, where a user could cause a null pointer
dereference by allocating a specific memory resource. A successful
exploit of this vulnerability might lead to denial of service.

CVE-2025-23330	NVIDIA Display Driver for Linux contains a vulnerability
where an attacker might be able to cause a null pointer dereference. A
successful exploit of this vulnerability might lead to denial of
service.

CVE-2025-23332	NVIDIA Display Driver for Linux contains a vulnerability
in a kernel module, where an attacker might be able to cause a null
pointer deference. A successful exploit of this vulnerability might lead
to denial of service.

CVE-2025-23345	NVIDIA Display Driver for Windows and Linux contains a
vulnerability in a video decoder, where an attacker might cause an
out-of-bounds read. A successful exploit of this vulnerability might
lead to information disclosure or denial of service.


Linux Driver Branch	CVEs Addressed
R580, R570, R535	CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345

Driver Branch	Affected Driver Versions			Updated Driver Version
R580		All driver versions prior to 580.95.05		580.95.05
R570		All driver versions prior to 570.195.03		570.195.03
R535		All driver versions prior to 535.274.02		535.274.02


Andreas

More information about the pkg-nvidia-devel mailing list