ALAS2023NVIDIA-2025-068

Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-068
Advisory Released Date: 2025-05-13
Advisory Updated Date: 2026-05-13

Severity: Important

References: CVE-2024-0131 CVE-2024-0147 CVE-2024-0149 CVE-2024-53869 CVE-2025-23244
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service. (CVE-2024-0131)

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. (CVE-2024-0147)

NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. (CVE-2024-0149)

NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. (CVE-2024-53869)

NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. (CVE-2025-23244)

Affected Packages:

nvidia-driver

Issue Correction:
Run dnf update nvidia-driver --releasever latest or dnf update --advisory ALAS2023NVIDIA-2025-068 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

x86_64:
    libnvidia-cfg-570.133.20-1.amzn2023.x86_64
    libnvidia-ml-570.133.20-1.amzn2023.x86_64
    nvidia-driver-cuda-570.133.20-1.amzn2023.x86_64
    nvidia-driver-cuda-libs-570.133.20-1.amzn2023.x86_64

Changelog:

2026-05-13: CVE-2024-53869 was added to this advisory.

2026-05-13: CVE-2024-0149 was added to this advisory.

2026-05-13: CVE-2024-0147 was added to this advisory.

2026-05-13: CVE-2024-0131 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-53869, CVE-2025-23244

Mitre: CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-53869, CVE-2025-23244