CVE-2023-25515

Опубликовано: 23 июн. 2023

Источник: debian

EPSS Низкий

Описание

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nvidia-open-gpu-kernel-modules	fixed	525.125.06-1		package
nvidia-open-gpu-kernel-modules	fixed	525.125.06-1~deb12u1	bookworm	package
nvidia-graphics-drivers-tesla	fixed	525.125.06-1		package
nvidia-graphics-drivers-tesla	fixed	525.125.06-1~deb12u1	bookworm	package
nvidia-graphics-drivers-tesla-470	fixed	470.199.02-1		package
nvidia-graphics-drivers-tesla-470	fixed	470.199.02-1~deb12u1	bookworm	package
nvidia-graphics-drivers-tesla-470	fixed	470.199.02-1~deb11u1	bullseye	package
nvidia-graphics-drivers-tesla-460	fixed	460.106.00-3		package
nvidia-graphics-drivers-tesla-460	no-dsa		bullseye	package
nvidia-graphics-drivers-tesla-450	fixed	450.248.02-1		package
nvidia-graphics-drivers-tesla-450	fixed	450.248.02-1~deb11u1	bullseye	package
nvidia-graphics-drivers-tesla-418	unfixed			package
nvidia-graphics-drivers-tesla-418	no-dsa		bullseye	package
nvidia-graphics-drivers-legacy-390xx	unfixed			package
nvidia-graphics-drivers-legacy-390xx	no-dsa		bullseye	package
nvidia-graphics-drivers-legacy-390xx	no-dsa		buster	package
nvidia-graphics-drivers-legacy-340xx	unfixed			package
nvidia-graphics-drivers-legacy-340xx	ignored		buster	package
nvidia-graphics-drivers	fixed	525.125.06-1		package
nvidia-graphics-drivers	fixed	525.125.06-1~deb12u1	bookworm	package
nvidia-graphics-drivers	fixed	470.199.02-1	bullseye	package
nvidia-graphics-drivers	postponed		buster	package

Примечания

460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
https://nvidia.custhelp.com/app/answers/detail/a_id/5468

EPSS

Процентиль: 16%

0.00051

Низкий

Связанные уязвимости

CVE-2023-25515

CVSS3: 7.8

nvd

больше 2 лет назад

GHSA-wh8r-hxhg-w5g2

CVSS3: 7.1

github

больше 2 лет назад

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.

BDU:2023-06212

CVSS3: 7.8

fstec

больше 2 лет назад

Уязвимость драйвера программного обеспечения графического процессора NVIDIA GPU, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

ROS-20250925-07

CVSS3: 8.2

redos

2 месяца назад

Множественные уязвимости nvidia-persistenced

ROS-20250925-06

CVSS3: 8.2

redos

2 месяца назад

Множественные уязвимости nvidia-drivers

EPSS

Процентиль: 16%

0.00051

Низкий