Severity
Medium
Analysis Summary
CVE-2025-23290 CVSS:2.5
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2025-23285 CVSS:5.5
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.
CVE-2025-23283 CVSS:7.8
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2025-23288 CVSS:3.3
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure.
CVE-2025-23287 CVSS:3.3
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure.
CVE-2025-23286 CVSS:4.4
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2025-23281 CVSS:7
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
CVE-2025-23279 CVSS:7
NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering.
CVE-2025-23278 CVSS:7.1
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service.
CVE-2025-23276 CVSS:7.8
NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering.
Impact
- Denial of Service
- Code Execution
- Buffer Overflow
- Data Manipulation
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-23290
- CVE-2025-23285
- CVE-2025-23283
- CVE-2025-23288
- CVE-2025-23287
- CVE-2025-23286
- CVE-2025-23281
- CVE-2025-23279
- CVE-2025-23278
- CVE-2025-23276
Affected Vendors
- NVIDIA
Affected Products
- NVIDIA GPU Display Drivers R535
- NVIDIA GPU Display Drivers R570
- NVIDIA GPU Display Drivers R575
Remediation
Refer to NVIDIA Security Advisory for patch, upgrade, or suggested workaround information.