ALAS2023NVIDIA-2025-239

Amazon Linux 2023 Security Advisory: ALAS2023NVIDIA-2025-239
Advisory Released Date: 2025-11-05
Advisory Updated Date: 2025-11-17

Severity: Important

References: CVE-2025-23280 CVE-2025-23282 CVE-2025-23300 CVE-2025-23330 CVE-2025-23332 CVE-2025-23345
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. (CVE-2025-23280)

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. (CVE-2025-23282)

NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703 (CVE-2025-23300)

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to cause a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703 (CVE-2025-23330)

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to cause a null pointer deference. A successful exploit of this vulnerability might lead to denial of service.
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703 (CVE-2025-23332)

NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service.
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703 (CVE-2025-23345)

Affected Packages:

nvlink5-580

Issue Correction:
Run dnf update nvlink5-580 --releasever latest or dnf update --advisory ALAS2023NVIDIA-2025-239 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

x86_64:
    nvlink5-580-580.95.05-1.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345

Mitre: CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345