NVIDIA has released an important software update for its GPU Display Driver, addressing multiple that could lead to code execution, privilege escalation, data tampering, or denial of service. The fixes span across Windows, Linux, vGPU, and cloud gaming components, covering driver branches R580, R570, and R535.
The bulletin lists several high-impact in both NVIDIA Display Driver and vGPU Software, affecting consumer GeForce, professional RTX/Quadro/NVS, and data center Tesla products.
Among the most serious issues are:
- CVE-2025-23309 — A in the NVIDIA Display Driver where “an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.” It carries a CVSS base score of 8.2 (High) and is classified under CWE-427 (Uncontrolled Search Path Element).
- CVE-2025-23347 — A in NVIDIA Project G-Assist that allows a local attacker to “escalate permissions” and potentially achieve “code execution, escalation of privileges, data tampering, denial of service, and information disclosure.” This has a CVSS score of 7.8 (High) and is tracked under CWE-276 (Incorrect Default Permissions).
- CVE-2025-23280 and CVE-2025-23282 — Two Linux driver vulnerabilities enabling attackers to exploit a use-after-free and race condition, respectively, which “might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.” Both received CVSS scores of 7.0 (High).
- CVE-2025-23345 — A cross-platform vulnerability in a video decoder module, where “an attacker might cause an out-of-bounds read,” resulting in “information disclosure or denial of service.” Rated Medium (CVSS 4.4) under CWE-125 (Out-of-bounds Read).
The bulletin also includes updates for NVIDIA vGPU Software and NVIDIA Cloud Gaming environments. The most severe of these is CVE-2025-23352, affecting the Virtual GPU Manager:
“NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access,” the bulletin warns. “A successful exploit… might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.”
This issue affects virtualized environments running XenServer, VMware vSphere, Red Hat Enterprise Linux KVM, and Ubuntu.
The patched versions are now available for download from the NVIDIA Driver Downloads and NVIDIA Licensing Portal pages.
Windows Drivers
| Product | Branch | Affected Versions | Fixed Version |
|---|---|---|---|
| GeForce / RTX / Quadro / NVS / Tesla | R580 | All versions prior to 581.42 | 581.42 |
| R570 | All versions prior to 573.76 | 573.76 | |
| R535 | All versions prior to 539.56 | 539.56 |
Linux Drivers
| Product | Branch | Affected Versions | Fixed Version |
|---|---|---|---|
| GeForce / RTX / Quadro / NVS / Tesla | R580 | All versions prior to 580.95.05 | 580.95.05 |
| R570 | All versions prior to 570.195.03 | 570.195.03 | |
| R535 | All versions prior to 535.274.02 | 535.274.02 |
NVIDIA has synchronized fixes across both vGPU guest drivers and Virtual GPU Manager components, ensuring consistent protection for Windows, Linux, and cloud-based platforms.
NVIDIA strongly recommends users update to the latest drivers immediately to mitigate exposure. The patches not only prevent potential exploitation but also ensure ongoing stability across gaming, AI, and enterprise GPU workloads.
