ISN 2025-17: Vulnerability in NVIDIA Graphics Driver

First published 24 June 2025

CVSS 3.1: 7.8 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been discovered in the NVDIA GPU driver, used in IGEL OS for NVIDIA graphics hardware. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

It has been found that the NVDIA GPU driver before version 535.247.01 has an authorization issue that could allow an unprivileged attacker to escalate privilege. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. (CVE-2025-23244, high)

Update Instructions

• OS 12: Update to OS 12.8.0 when available (planned for August).

• OS 11: Update to OS 11.11.100 when available (planned for August).

References

• CVE-2025-23244: https://www.cve.org/CVERecord?id=CVE-2025-23244

• Security Bulletin: NVIDIA GPU Display Driver - April 2025: https://nvidia.custhelp.com/app/answers/detail/a_id/5630