CVE-2023-25516

2023-07-0400:15:09

CWE-190

nvidia

web.nvd.nist.gov

nvidia

gpu

linux

driver

vulnerability

integer overflow

cve-2023-25516

nvd

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.

Affected configurations

Nvd

Node

nvidiagpu_display_driverRange≤11.12linux

nvidiagpu_display_driverRange13.0–13.7linux

nvidiagpu_display_driverRange15.0–15.2linux

VendorProductVersionCPE
nvidiagpu_display_driver*cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*

Vendor	Product	Version	CPE
nvidia	gpu_display_driver	*	cpe:2.3:a:nvidia:gpu_display_driver::::::linux::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GPU Display Driver for Linux",
    "vendor": "NVIDIA",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to and including 15.2, 13.7, and 11.12, and all versions prior to and including the May 2023 release"
      }
    ]
  }
]