CVE-2025-23300

Public on 2025-10-13

Modified on 2025-10-13

Description

NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703

Severity

Medium

See what this means

CVSS v3 Base Score

5.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 2023	cuda-compat	2025-11-05	ALAS2023NVIDIA-2025-255	Fixed
Amazon Linux 2023	cuda-drivers	2025-11-05	ALAS2023NVIDIA-2025-254	Fixed
Amazon Linux 2023	kmod-nvidia-latest-dkms	2025-11-05	ALAS2023NVIDIA-2025-253	Fixed
Amazon Linux 2023	kmod-nvidia-open-dkms	2025-11-05	ALAS2023NVIDIA-2025-252	Fixed
Amazon Linux 2023	libnvidia-nscq	2025-11-05	ALAS2023NVIDIA-2025-250	Fixed
Amazon Linux 2023	libnvsdm	2025-11-05	ALAS2023NVIDIA-2025-249	Fixed
Amazon Linux 2023	nvidia-driver	2025-11-05	ALAS2023NVIDIA-2025-251	Fixed
Amazon Linux 2023	nvidia-fabricmanager	2025-11-05	ALAS2023NVIDIA-2025-248	Fixed
Amazon Linux 2023	nvidia-imex	2025-11-05	ALAS2023NVIDIA-2025-247	Fixed
Amazon Linux 2023	nvidia-kmod-common	2025-11-05	ALAS2023NVIDIA-2025-246	Fixed
Amazon Linux 2023	nvidia-modprobe	2025-11-05	ALAS2023NVIDIA-2025-244	Fixed
Amazon Linux 2023	nvidia-open	2025-11-05	ALAS2023NVIDIA-2025-243	Fixed
Amazon Linux 2023	nvidia-persistenced	2025-11-05	ALAS2023NVIDIA-2025-242	Fixed
Amazon Linux 2023	nvidia-settings	2025-11-05	ALAS2023NVIDIA-2025-245	Fixed
Amazon Linux 2023	nvidia-xconfig	2025-11-05	ALAS2023NVIDIA-2025-241	Fixed
Amazon Linux 2023	nvlink5	2025-11-05	ALAS2023NVIDIA-2025-240	Fixed
Amazon Linux 2023	nvlink5-580	2025-11-05	ALAS2023NVIDIA-2025-239	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2025-23300 Mitre: CVE-2025-23300