NVIDIA Update: 14 Vulnerabilities Patched in GPU Drivers & vGPU Software

NVIDIA has released software security updates for its GPU Display Drivers and vGPU software across Windows, Linux, and virtualized environments, addressing a total of 14 vulnerabilities, some of which could allow code execution, privilege escalation, or information disclosure.

These flaws impact both consumer-grade GeForce and RTX drivers, as well as enterprise-class vGPU deployments used in cloud and data center infrastructure.

Flaws in NVIDIA GPU Drivers

Among the most severe vulnerabilities:

• CVE-2025-23276 (CVSS 7.8): A privilege escalation flaw in the NVIDIA Installer for Windows could allow an attacker to gain elevated privileges, execute arbitrary code, or disrupt system operations.
• CVE-2025-23277 (CVSS 7.3): A kernel mode driver bug affects both Windows and Linux, allowing out-of-bounds memory access.
• CVE-2025-23278 (CVSS 7.1): Improper index validation could allow attackers to crash systems or manipulate data.

vGPU Software Vulnerabilities Threaten Virtual Environments

Attackers in guest VMs can exploit flaws in the NVIDIA Virtual GPU Manager, used in platforms like Citrix, VMware, Red Hat KVM, and Azure Stack HCI.

• CVE-2025-23283, CVE-2025-23284 (CVSS 7.8): These are stack buffer overflow vulnerabilities in vGPU that could enable malicious guests to execute code, escalate privileges, or extract data from other virtual machines.
• CVE-2025-23285 (CVSS 5.5): Allows a guest to improperly access global resources, leading to denial of service.
• CVE-2025-23290 (CVSS 2.5): Enables a VM to read GPU metrics that might reveal cross-VM activity — a potential privacy leak.

Affected Products and Driver Versions

GPU Display Driver (Windows/Linux):

• GeForce, Quadro, NVS, and Tesla series
• Affected versions:
  • R575: All versions before 577.00
  • R570: Before 573.48
  • R535: Before 539.41
• Patched versions: 577.00 (R575), 573.48 (R570), 539.41 (R535)

vGPU Software:

• Affected: vGPU versions prior to 18.4 (573.48) and 16.11 (539.41) across Windows, Linux, Citrix, VMware, and Azure Stack HCI
• Updated versions now available through the NVIDIA Licensing Portal

NVIDIA urges all users and IT administrators to immediately upgrade their drivers and vGPU software.

Related Posts:

• NVIDIA Releases Security Update to Address GPU Driver Vulnerabilities
• NVIDIA Addresses High Security Flaws in GPU Display Drivers and vGPU Software
• Google Formally Integrates Kubernetes Engine and GPU Services
• Hacker group threatens to expose Nvidia driver and firmware data
• New VMware Findings: Kernel Drivers’ Vulnerabilities Risk Total Device Takeover