Bug#1126073: nvidia-cuda-toolkit: CVE-2025-33228 CVE-2025-33229 CVE-2025-33230 CVE-2025-33231

Salvatore Bonaccorso carnil at debian.org
Wed Jan 21 15:34:24 GMT 2026


Source: nvidia-cuda-toolkit
Version: 12.4.1-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerabilities were published for nvidia-cuda-toolkit.

CVE-2025-33228[0]:
| NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot
| recipe, where an attacker could cause an OS command injection by
| supplying a malicious string to the process_nsys_rep_cli.py script
| if the script is invoked manually. A successful exploit of this
| vulnerability might lead to code execution, escalation of
| privileges, data tampering, denial of service, and information
| disclosure.


CVE-2025-33229[1]:
| NVIDIA Nsight Visual Studio for Windows contains a vulnerability in
| Nsight Monitor where an attacker can execute arbitrary code with the
| same privileges as the NVIDIA Nsight Visual Studio Edition Monitor
| application. A successful exploit of this vulnerability may lead to
| escalation of privileges, code execution, data tampering, denial of
| service, and information disclosure.


CVE-2025-33230[2]:
| NVIDIA Nsight Systems for Linux contains a vulnerability in the .run
| installer, where an attacker could cause an OS command injection by
| supplying a malicious string to the installation path. A successful
| exploit of this vulnerability might lead to escalation of
| privileges, code execution, data tampering, denial of service, and
| information disclosure.


CVE-2025-33231[3]:
| NVIDIA Nsight Systems for Windows contains a vulnerability in the
| application’s DLL loading mechanism where an attacker could cause an
| uncontrolled search path element by exploiting insecure DLL search
| paths. A successful exploit of this vulnerability might lead to code
| execution, escalation of privileges, data tampering, denial of
| service and information disclosure.

Andreas, from [4] it is not entirely clear to me which subset is e.g.
affecting Windows only. I suspect the CVE-2025-33229 one and
CVE-2025-33231 given the description. For now I still covered all CVEs
in the [4] advisory and listed under security updates for
nvidia-cuda-toolkit as well in the security tracker as such. Please let
us know if you can assess this more specifically and we should update
the tracking data.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-33228
    https://www.cve.org/CVERecord?id=CVE-2025-33228
[1] https://security-tracker.debian.org/tracker/CVE-2025-33229
    https://www.cve.org/CVERecord?id=CVE-2025-33229
[2] https://security-tracker.debian.org/tracker/CVE-2025-33230
    https://www.cve.org/CVERecord?id=CVE-2025-33230
[3] https://security-tracker.debian.org/tracker/CVE-2025-33231
    https://www.cve.org/CVERecord?id=CVE-2025-33231
[4] https://nvidia.custhelp.com/app/answers/detail/a_id/5755

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

