ISN 2025-17: Vulnerabilities in NVIDIA Graphics Driver
Updated 6 October 2025 (further CVEs, OS 12 fix version)
First published 24 June 2025
CVSS 3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Security vulnerabilities have been discovered in the NVDIA GPU driver, used in IGEL OS for NVIDIA graphics hardware. This affects the following product versions:
IGEL OS 12
IGEL OS 11
Details
It has been found that the NVDIA GPU driver before version 535.247.01 has an authorization issue that could allow an unprivileged attacker to escalate privilege. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. (CVE-2025-23244, high)
Apart from this, NVIDIA lists a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure (CVE-2025-23286, high). CVE-2025-23279 concerns the installer only, so it does not affect IGEL OS, which does not contain the installer.
Update Instructions
OS 12: Update to OS 12.7.4 when available (planned for December).
OS 11: Update to OS 11.11.100 when available (planned end of November).
References
CVE-2025-23244: https://www.cve.org/CVERecord?id=CVE-2025-23244
Security Bulletin: NVIDIA GPU Display Driver - July 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5670
Security Bulletin: NVIDIA GPU Display Driver - April 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5630