Use-After-Free Vulnerability in NVIDIA Display Driver for Linux
CVE-2025-23280

7HIGH

Key Information:

Vendor: Nvidia
Status: Geforce; Nvidia Rtx, Quadro, Nvs; Tesla; Guest Driver
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-23280?

The NVIDIA Display Driver for Linux has a vulnerability where improper management of memory can occur, leading to a use-after-free condition. This flaw allows attackers to exploit the vulnerability, potentially triggering code execution, escalating privileges, tampering with data, causing denial of service, or disclosing sensitive information. It is critical for users to promptly apply security updates to mitigate these risks.

Affected Version(s)

GeForce Linux(R535) All driver versions prior to 535.274.02

GeForce Linux(R570) All driver versions prior to 570.195.03

GeForce Linux(R580) All driver versions prior to 580.95.05

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23280

https://www.cve.org/CVERecord?id=CVE-2025-23280

https://nvidia.custhelp.com/app/answers/detail/a_id/5703

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia

What is CVE-2025-23280?

Affected Version(s)

References

CVSS V3.1

Timeline