Use-After-Free Vulnerability in NVIDIA Display Driver for Linux
CVE-2025-23280

7HIGH

Key Information:

Vendor: Nvidia
Status: Geforce; Nvidia Rtx, Quadro, Nvs; Tesla; Guest Driver
Vendor: CVE Published:; 10 October 2025

🔔 Create Nvidia Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-23280?

The NVIDIA Display Driver for Linux has a vulnerability where improper management of memory can occur, leading to a use-after-free condition. This flaw allows attackers to exploit the vulnerability, potentially triggering code execution, escalating privileges, tampering with data, causing denial of service, or disclosing sensitive information. It is critical for users to promptly apply security updates to mitigate these risks.

Affected Version(s)

GeForce Linux(R535) All driver versions prior to 535.274.02

GeForce Linux(R570) All driver versions prior to 570.195.03

GeForce Linux(R580) All driver versions prior to 580.95.05

News Articles

cyberkendra.com

Critical NVIDIA GPU Driver Flaws Allow Linux System Takeover

Two critical NVIDIA Linux GPU driver bugs allow local attackers to gain root access. Patch now—CVE-2025-23280 & CVE-2025-23300 exploit detailed.

thmubnail image

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23280

https://www.cve.org/CVERecord?id=CVE-2025-23280

https://nvidia.custhelp.com/app/answers/detail/a_id/5703

CVSS V3.1

Score:

7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Oct 15, 2025
📰
First article discovered by cyberkendra.com
Oct 15, 2025
Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Jan 14, 2025

.

CVE-2025-23280 : Use-After-Free Vulnerability in NVIDIA Display Driver for Linux