Permission Escalation in NVIDIA GPU Display Driver for Linux
CVE-2025-23244

7.8HIGH

Key Information:

Vendor

Nvidia
Status
Gpu Display Driver, Vgpu Software, Cloud Gaming
Vendor
CVE Published:
1 May 2025

What is CVE-2025-23244?

CVE-2025-23244 is a permission escalation vulnerability found in the NVIDIA GPU Display Driver for Linux. This driver is essential for facilitating the functioning of NVIDIA’s graphics processing units (GPUs) on Linux operating systems by enabling graphical rendering and computational tasks. The presence of this vulnerability could be detrimental to organizations as it allows unprivileged attackers the opportunity to escalate their permissions within the system. This escalation could lead to severe consequences, including the ability to execute arbitrary code, disrupt service operations, disclose sensitive information, or improperly modify data.

Technical Details

The vulnerability arises within the NVIDIA GPU Display Driver for Linux, which is designed to handle GPU operations efficiently. It permits standard users to potentially gain elevated permissions through exploitation. Attackers can leverage this flaw for several malicious activities, most notably unauthorized code execution, which can take control of affected systems. The lack of appropriate permission validation creates a significant security gap that could be exploited if left unaddressed.

Potential impact of CVE-2025-23244

  1. Code Execution: With successful exploitation, attackers may gain the capability to execute arbitrary code on the affected systems, leading to potential remote control and unauthorized actions.

  2. Data Tampering: The vulnerability can enable unauthorized modification of information, compromising the integrity of critical data stored on the system.

  3. Denial of Service: Attackers may disrupt the normal functioning of services reliant on the vulnerable driver, resulting in denial of service for legitimate users and significant operational interruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GPU Display Driver, vGPU Software, Cloud Gaming Linux R535, R550, R570, R575

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5630

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.