Skip to main content
Skip table of contents

ISN 2025-17: Vulnerabilities in NVIDIA Graphics Driver

Updated 6 October 2025 (further CVEs, OS 12 fix version)

First published 24 June 2025

CVSS 3.1: 7.8 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Security vulnerabilities have been discovered in the NVDIA GPU driver, used in IGEL OS for NVIDIA graphics hardware. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

It has been found that the NVDIA GPU driver before version 535.247.01 has an authorization issue that could allow an unprivileged attacker to escalate privilege. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. (CVE-2025-23244, high)

Apart from this, NVIDIA lists a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure (CVE-2025-23286, high). CVE-2025-23279 concerns the installer only, so it does not affect IGEL OS, which does not contain the installer.

Update Instructions

  • OS 12: Update to OS 12.7.4 when available (planned for December).

  • OS 11: Update to OS 11.11.100 when available (planned end of November).

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.