CVE-2023-25515

Name of the Vulnerable Software and Affected Versions NVIDIA GPU Display Driver for Windows and Linux (affected versions not specified) NVIDIA Jetson (affected versions not specified)

Description The issue is related to the parsing of unexpected untrusted data, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. Additionally, there is a vulnerability in CBoot where the PCIe controller is initialized without IOMMU, potentially allowing an attacker with physical access to the target device to read and write to arbitrary memory, resulting in code execution, denial of service, information disclosure, and loss of integrity.

Recommendations For NVIDIA GPU Display Driver for Windows and Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For NVIDIA Jetson, consider restricting physical access to the target device to minimize the risk of exploitation until a patch is available.