CVE-2025-23279 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvidia	CNA	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

nvidia-graphics-drivers

bullseye/non-free	vulnerable
bookworm	no-dsa
bookworm/non-free-firmware	vulnerable
bullseye	ignored
sid/non-free-firmware	vulnerable
trixie/non-free-firmware	vulnerable

nvidia-graphics-drivers-legacy-340xx

sid/non-free	vulnerable
bookworm	no-dsa
bullseye	ignored

nvidia-graphics-drivers-legacy-390xx

bullseye/non-free	vulnerable
bookworm	no-dsa
sid/non-free	vulnerable
bullseye	ignored

nvidia-graphics-drivers-tesla

bookworm/non-free-firmware	525.147.05-15~deb12u1 fixed
bullseye	ignored
sid/non-free-firmware	525.147.05-16 fixed
bookworm	no-dsa

nvidia-graphics-drivers-tesla-418

bullseye/non-free	vulnerable
bookworm	no-dsa
sid/non-free	vulnerable
bullseye	ignored

nvidia-graphics-drivers-tesla-450

bullseye/non-free	450.248.02-7~deb11u1 fixed
bookworm	no-dsa
sid/non-free	450.248.02-11 fixed
bullseye	ignored

nvidia-graphics-drivers-tesla-460

bullseye/non-free	460.106.00-17~deb11u1 fixed
bookworm	no-dsa
sid/non-free	460.106.00-21 fixed
bullseye	ignored

nvidia-graphics-drivers-tesla-470

bullseye/non-free	vulnerable
bookworm	no-dsa
bookworm/non-free	vulnerable
bullseye	ignored
sid/non-free	vulnerable

nvidia-graphics-drivers-tesla-535

bookworm/non-free-firmware	vulnerable
bullseye	ignored
sid/non-free-firmware	vulnerable
trixie/non-free-firmware	vulnerable
bookworm	no-dsa

nvidia-graphics-drivers-tesla-550

sid/non-free-firmware	vulnerable
bookworm	no-dsa
bullseye	ignored

nvidia-open-gpu-kernel-modules

bookworm/contrib	vulnerable
bullseye	ignored
sid/contrib	vulnerable
trixie/contrib	vulnerable
bookworm	no-dsa

Common Weakness Enumeration

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5670