ISN 2025-17: Vulnerabilities in NVIDIA Graphics Driver

Updated 6 October 2025 (further CVEs, OS 12 fix version)

First published 24 June 2025

CVSS 3.1: 7.8 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Security vulnerabilities have been discovered in the NVDIA GPU driver, used in IGEL OS for NVIDIA graphics hardware. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

It has been found that the NVDIA GPU driver before version 535.247.01 has an authorization issue that could allow an unprivileged attacker to escalate privilege. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. (CVE-2025-23244, high)

Apart from this, NVIDIA lists a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure (CVE-2025-23286, high). CVE-2025-23279 concerns the installer only, so it does not affect IGEL OS, which does not contain the installer.

Update Instructions

• OS 12: Update to OS 12.7.4 when available (planned for December).

• OS 11: Update to OS 11.11.100 when available (planned end of November).

References

• CVE-2025-23244: https://www.cve.org/CVERecord?id=CVE-2025-23244

• Security Bulletin: NVIDIA GPU Display Driver - July 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5670

• Security Bulletin: NVIDIA GPU Display Driver - April 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5630