NVIDIA has released a sweeping security update to address a series of high-severity vulnerabilities in its GPU Display Driver and vGPU software, with the flaws potentially allowing code execution, privilege escalation, or denial of service on Windows and Linux systems. One of the most concerning issues is CVE-2025-33217, a use-after-free vulnerability in the NVIDIA Display Driver for Windows, which affects the user-mode layer of the driver and could enable local code execution.
According to the bulletin, a successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
Additional flaws include CVE-2025-33218 in the kernel-mode layer (nvlddmkm.sys) and CVE-2025-33219 in a kernel module on Linux, both involving integer overflows that could have similarly catastrophic outcomes. CVE-2025-33220 concerns the Virtual GPU Manager in enterprise and cloud environments, where a malicious guest could trigger access to heap memory after it has been freed.
NVIDIA has published updates across all affected branches, bringing Windows drivers to versions 591.59, 582.16, 573.76, or 539.64 and Linux drivers to 590.48.01, 580.126.09, 570.211.01, or 535.288.01.
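
To turn the Linux version list above into a fleet check, the following added example (not code from NVIDIA or from the original article) compares installed driver versions against the fixed release for their branch. It assumes the leading number of a Linux driver version identifies its branch; the function names, status labels and inventory lines are constructed for illustration.

```python
import re

# Fixed Linux releases named in the article, keyed by branch.
# Assumption: the leading number of a Linux driver version is its branch.
FIXED_LINUX = {590: "590.48.01", 580: "580.126.09",
               570: "570.211.01", 535: "535.288.01"}
VERSION_RE = re.compile(r"^\d+(\.\d+){1,2}$")


def parse(version):
    """Turn '580.126.09' into (580, 126, 9); two-part versions are padded."""
    if not VERSION_RE.match(version):
        raise ValueError(f"unrecognised driver version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version):
    """Return 'patched', 'needs-update' or 'unlisted-branch'."""
    installed = parse(version)
    fixed = FIXED_LINUX.get(installed[0])
    if fixed is None:
        # Branch not named in the article: consult the vendor bulletin.
        return "unlisted-branch"
    # Numeric tuple comparison: as strings, '580.95' would sort above '580.126'.
    return "patched" if installed >= parse(fixed) else "needs-update"


def audit(inventory):
    """inventory: lines of '<host> <driver_version>' -> {host: status}."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, version = line.partition(" ")
        try:
            report[host] = classify(version.strip())
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed sample inventory; hostnames and versions are illustrative.
SAMPLE = """
gpu-node-01 580.126.09
gpu-node-02 580.95.05
gpu-node-03 535.288.01
gpu-node-04 565.77
gpu-node-05 n/a
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unlisted-branch` or `unparseable` need a manual check rather than being counted as patched.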