Updated 6 October 2025 (further CVEs, OS 12 fix version)
First published 24 June 2025
CVSS 3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Security vulnerabilities have been discovered in the NVDIA GPU driver, used in IGEL OS for NVIDIA graphics hardware. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
It has been found that the NVDIA GPU driver before version 535.247.01 has an authorization issue that could allow an unprivileged attacker to escalate privilege. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. (CVE-2025-23244, high)
Apart from this, NVIDIA lists a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure (CVE-2025-23286, high). CVE-2025-23279 concerns the installer only, so it does not affect IGEL OS, which does not contain the installer.
Update Instructions
-
OS 12: Update to OS 12.7.4 when available (planned for December).
-
OS 11: Update to OS 11.11.100 when available (planned end of November).
References
-
CVE-2025-23244: https://www.cve.org/CVERecord?id=CVE-2025-23244
-
Security Bulletin: NVIDIA GPU Display Driver - July 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5670
-
Security Bulletin: NVIDIA GPU Display Driver - April 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5630