#1109915 nvidia-open-gpu-kernel-modules: CVE-2025-23279, CVE-2025-23286

#1109915#5
Date:
2025-07-26 07:25:04 UTC
From:
To:
Source: nvidia-graphics-drivers
Severity: serious
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9 -10 -11
Control: reassign -2 src:nvidia-graphics-drivers-legacy-340xx 340.76-6
Control: retitle -2 nvidia-graphics-drivers-legacy-340xx: CVE-2025-23279, CVE-2025-23286
Control: tag -2 + wontfix
Control: reassign -3 src:nvidia-graphics-drivers-legacy-390xx 390.48-4
Control: retitle -3 nvidia-graphics-drivers-legacy-390xx: CVE-2025-23279, CVE-2025-23286
Control: tag -3 + wontfix
Control: reassign -4 src:nvidia-graphics-drivers-tesla-418 418.87.01-1
Control: retitle -4 nvidia-graphics-drivers-tesla-418: CVE-2025-23279, CVE-2025-23286
Control: tag -4 + wontfix
Control: reassign -5 src:nvidia-graphics-drivers-tesla-450 450.51.05-1
Control: retitle -5 nvidia-graphics-drivers-tesla-450: CVE-2025-23279, CVE-2025-23286
Control: tag -5 + wontfix
Control: close -5 450.248.02-4
Control: reassign -6 src:nvidia-graphics-drivers-tesla-460 460.32.03-1
Control: retitle -6 nvidia-graphics-drivers-tesla-460: CVE-2025-23279, CVE-2025-23286
Control: tag -6 + wontfix
Control: close -6 460.106.00-3
Control: reassign -7 src:nvidia-graphics-drivers-tesla-470 470.57.02-1
Control: retitle -7 nvidia-graphics-drivers-tesla-470: CVE-2025-23279, CVE-2025-23286
Control: tag -7 + wontfix
Control: reassign -8 src:nvidia-graphics-drivers-tesla 510.85.02-1
Control: retitle -8 nvidia-graphics-drivers-tesla: CVE-2025-23279, CVE-2025-23286
Control: found -8 515.48.07-1
Control: found -8 525.60.13-1
Control: tag -8 + wontfix
Control: close -8 525.147.05-6
Control: reassign -9 src:nvidia-open-gpu-kernel-modules 515.43.04-1
Control: retitle -9 nvidia-open-gpu-kernel-modules: CVE-2025-23279, CVE-2025-23286
Control: found -9 520.56.06-1
Control: found -9 525.85.12-1
Control: found -9 530.30.02-1
Control: found -9 535.43.02-1
Control: found -9 545.23.06-1
Control: found -9 550.40.07-1
Control: found -9 555.42.02-1
Control: found -9 560.28.03-1
Control: found -9 565.57.01-1
Control: found -9 570.86.16-1
Control: found -9 575.51.02-1
Control: reassign -10 src:nvidia-graphics-drivers-tesla-535 535.216.01-1
Control: retitle -10 nvidia-graphics-drivers-tesla-535: CVE-2025-23279, CVE-2025-23286
Control: reassign -11 src:nvidia-graphics-drivers-tesla-550 550.54.15-1
Control: retitle -11 nvidia-graphics-drivers-tesla-550: CVE-2025-23279, CVE-2025-23286
Control: tag -11 + wontfix
Control: found -1 340.24-1
Control: found -1 343.22-1
Control: found -1 396.18-1
Control: found -1 430.14-1
Control: found -1 455.23.04-1
Control: found -1 465.24.02-1
Control: found -1 495.44-1
Control: found -1 515.48.07-1
Control: found -1 520.56.06-1
Control: found -1 525.53-1
Control: found -1 530.30.02-1
Control: found -1 535.43.02-1
Control: found -1 545.23.06-1
Control: found -1 550.40.07-1
Control: found -1 555.42.02-1
Control: found -1 560.28.03-1
Control: found -1 565.57.01-1
Control: found -1 570.86.16-1
Control: found -1 575.51.02-1

https://nvidia.custhelp.com/app/answers/detail/a_id/5670

CVE‑2025‑23279	NVIDIA .run Installer for Linux and Solaris contains a
vulnerability where an attacker could use a race condition to escalate
privileges. A successful exploit of this vulnerability might lead to
coqe execution, escalation of privileges, information disclosure, denial
of service, or data tampering.

CVE‑2025‑23286	NVIDIA GPU Display Driver for Windows and Linux contains
a vulnerability where an attacker could read invalid memory. A
successful exploit of this vulnerability might lead to information
disclosure.

Linux Driver Branch	CVEs Addressed
R570			CVE-2025-23279
R535			CVE-2025-23279,  CVE-2025-23286

Driver Branch	Affected Driver Versions		Updated Driver Version

R575		All driver version prior to 575.64.05	575.64.05
R570		All driver version prior to 570.172.08	570.172.08
R535		All driver versions prior to 535.261.03 535.261.03

Andreas

#1109915#42
Date:
2025-12-26 15:17:30 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
nvidia-open-gpu-kernel-modules, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1109915@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann <anbe@debian.org> (supplier of updated nvidia-open-gpu-kernel-modules package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 21 Dec 2025 00:05:31 +0100
Source: nvidia-open-gpu-kernel-modules
Architecture: source
Version: 535.261.03-1
Distribution: bookworm
Urgency: medium
Maintainer: Debian NVIDIA Maintainers <pkg-nvidia-devel@lists.alioth.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Closes: 1109915
Changes:
 nvidia-open-gpu-kernel-modules (535.261.03-1) bookworm; urgency=medium
 .
   * New upstream LTS and Tesla branch release 535.261.03 (2025-07-17).
     * Fixed CVE-2025-23279, CVE-2025-23286.  (Closes: #1109915)
https://nvidia.custhelp.com/app/answers/detail/a_id/5670
   * Sync with src:nvidia-graphics-drivers.
   * Upload to bookworm.
 .
 nvidia-open-gpu-kernel-modules (535.247.01-2) UNRELEASED; urgency=medium
 .
   * Backport page_pgmap and hmm_make_device_exclusive_range changes from
     570.153.02 to fix open kernel module build for Linux 6.15.
   * Sync with src:nvidia-graphics-drivers.
Checksums-Sha1:
 8b022f3a96f4fd843112571b11db215c0c2c745e 2681 nvidia-open-gpu-kernel-modules_535.261.03-1.dsc
 5a30d2cb6ba1c41bd348e11abd46f94ca1eb861d 12521372 nvidia-open-gpu-kernel-modules_535.261.03.orig.tar.xz
 775b504fedee3e93faa786143a2ae2d543be7aee 30272 nvidia-open-gpu-kernel-modules_535.261.03-1.debian.tar.xz
 56c10fc60c70b8c1256a440d9777e06be0ccc88b 6096 nvidia-open-gpu-kernel-modules_535.261.03-1_source.buildinfo
Checksums-Sha256:
 5de1fdaa0d57529ebd24818fecfc1df4ef2e53b2b1a736debd6a2098625cf0e1 2681 nvidia-open-gpu-kernel-modules_535.261.03-1.dsc
 14f64f53694d4a580ea68a561db02c2a8847790087a86f50fd2f40eac3eebb8f 12521372 nvidia-open-gpu-kernel-modules_535.261.03.orig.tar.xz
 3a21bfbc11925c2a26528e6a0fc91168edfe74cbf466be12089ee922bc9617c2 30272 nvidia-open-gpu-kernel-modules_535.261.03-1.debian.tar.xz
 542bf7a17476d9cf922df14bc1cee85e42e6834781f9fe629bf3645e3fceba9f 6096 nvidia-open-gpu-kernel-modules_535.261.03-1_source.buildinfo
Files:
 fb647a6b788c48222d9f67c7e67f00b6 2681 contrib/kernel optional nvidia-open-gpu-kernel-modules_535.261.03-1.dsc
 5e32dcdc7cf550d00e2af872104131dc 12521372 contrib/kernel optional nvidia-open-gpu-kernel-modules_535.261.03.orig.tar.xz
 fa41eab23b2e72ddc5844322b3380d4f 30272 contrib/kernel optional nvidia-open-gpu-kernel-modules_535.261.03-1.debian.tar.xz
 124bebfeebbc51fdf9e0371017800c2b 6096 contrib/kernel optional nvidia-open-gpu-kernel-modules_535.261.03-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmlHL4cQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCOAWD/0XMiq74hdLyv4gf0VoRkcuU23rz132o9tP
7xZk2i+y6Yi2NDJzVWyAkzxzJpZeLYZWdZTDCpGhlGZK3+mvYBiCdP216ga6+mfq
eESmVGV9bQTnyuBpGHbzDLCttou0uK9R4Wqb2yd3t8YQOWdHQ17dgxnKh8KLEuUX
ghD2YFC+vE8ntGOej0HXsvr4qYiY/UJc8xf6HXMpwpNK91YhX37wJyQKHu/DXxeQ
RD23hfUruySfoYEDLQIMfJosAJcpRy5GuRPHb4opJuCYdk7jTVxZuLBlbRZTbll/
oTTr5FaJC/UYV+otDSWXUY0n4TMIw/aoNO0EDx7TQtLsgNyWcPyDVHGabla9Ktl0
T41eT7rmOmTMzKMzmalU0MX5QMdG4BYsJrGuMpuhsQnZ3prJHbL2nF1c0s+F+Sj+
gs5GU6lPjQmSS/BgDobmXNRn5vWFdvBdKo8PhGns7rW9wExlrz2p3d8/DowjlvEo
8T3xHl2+m7Qe+qoMvrTfj4HK8fdJjojZ40IhwkCD9KYGZRNqWTtbOy0iGpuvbrWg
iXWep8eJQt8zDYZ2FzRORBTPLfNKbLZf/023cw3O91DaS4QeoBNVdfuRpKNJXCOp
xHO/QbDhryq0eRhYRwxp9gv9oFWGCBmwVC4Eje35h9tD/9bRGHSuyBTKZCJ6A9R6
7b76lVuQrw==
=3ST7
-----END PGP SIGNATURE-----