NVIDIA driver security updates needed

HP ZBook Power 15.6 inch G10 Mobile Workstation PC, running Ubuntu 24.04.2 LTS

Hi everybody,
I remember that at the beginning of this year there were already security issues mentioned, but now we see them again:
Nvidia graphics card drivers vulnerable on Linux

$ ubuntu-drivers --gpgpu list
This is gpgpu mode
nvidia-driver-535-server, (kernel modules provided by linux-modules-nvidia-535-server-generic)
nvidia-driver-570-server, (kernel modules provided by linux-modules-nvidia-570-server-generic)
nvidia-driver-535-open, (kernel modules provided by linux-modules-nvidia-535-open-generic)
nvidia-driver-535, (kernel modules provided by linux-modules-nvidia-535-generic)
nvidia-driver-550, (kernel modules provided by linux-modules-nvidia-550-generic)
nvidia-driver-570-server-open, (kernel modules provided by linux-modules-nvidia-570-server-open-generic)
nvidia-driver-550-open, (kernel modules provided by linux-modules-nvidia-550-open-generic)
nvidia-driver-535-server-open, (kernel modules provided by linux-modules-nvidia-535-server-open-generic)

I still use the recommended driver 550.

$ apt list nvidia-driver-550*
Auflistung… Fertig
nvidia-driver-550-open/noble-updates,noble-security 550.120-0ubuntu0.24.04.1 amd64
nvidia-driver-550-server-open/noble-updates,noble-security 550.144.03-0ubuntu0.24.04.1 amd64
nvidia-driver-550-server/noble-updates,noble-security 550.144.03-0ubuntu0.24.04.1 amd64
nvidia-driver-550/noble-updates,noble-security,now 550.120-0ubuntu0.24.04.1 amd64  [installiert]
$ apt list nvidia-driver-570*
Auflistung… Fertig
nvidia-driver-570-server-open/noble-updates,noble-security 570.86.15-0ubuntu0.24.04.4 amd64
nvidia-driver-570-server/noble-updates,noble-security 570.86.15-0ubuntu0.24.04.4 amd64

How do we get the urgently needed security fixes 570.133.07 and 550.163.01?

@1fallen How could you already install it?

Regards, Marc

Please give me more info, and I’m not using 550:

pro fix CVE-2021-1056
CVE-2021-1056: Linux kernel vulnerabilities
 - https://ubuntu.com/security/CVE-2021-1056

No affected source packages are installed.

✔ CVE-2021-1056 does not affect your system.

apt policy nvidia-driver*|grep Installed

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
 Installed: 570.133.07-0ubuntu2


Please give me a link to the CVE in question.
Thanks, and welcome to the forums @marrol777

I found this new CVE and it is being looked at currently:

pro fix CVE-2025-23244
CVE-2025-23244: 
NVIDIA GPU Display Driver for Linux contains a vulnerability which could
allow an unprivileged attacker to escalate permissions. A successful
exploit of this vulnerability might lead to code execution, denial of
service, escalation of privileges, information disclosure, and data
tampering.
 - https://ubuntu.com/security/CVE-2025-23244

1 affected source package is installed: nvidia-graphics-drivers-570
(1/1) nvidia-graphics-drivers-570:
Ubuntu security engineers are investigating this issue.

1 package is still affected: nvidia-graphics-drivers-570
✘ CVE-2025-23244 is not resolved.

CVE-2025-23244

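Publication date: 28 April 2025

Last updated: 28 April 2025

Ubuntu priority: Medium

| Package | Release | Status |
|---|---|---|
| nvidia-graphics-drivers-570 | 25.04 plucky | Needs evaluation |
| nvidia-graphics-drivers-570 | 24.10 oracular | Not in release |
| nvidia-graphics-drivers-570 | 24.04 LTS noble | Not in release |
| nvidia-graphics-drivers-570 | 22.04 LTS jammy | Not in release |
| nvidia-graphics-drivers-570 | 20.04 LTS focal | Not in release |
| nvidia-graphics-drivers-570-server | 25.04 plucky | Needs evaluation |
| nvidia-graphics-drivers-570-server | 24.10 oracular | Needs evaluation |
| nvidia-graphics-drivers-570-server | 24.04 LTS noble | Needs evaluation |
| nvidia-graphics-drivers-570-server | 22.04 LTS jammy | Needs evaluation |
| nvidia-graphics-drivers-570-server | 20.04 LTS focal | Needs evaluation |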

@1fallen - yes this is the new CVE-2025-23244 which affects both 550 and 570.
In January both driver-series were affected by these CVEs mentioned here. I am using 550.120 on Noble, not Plucky.

Makes no difference, they are both listed as CVE-2025-23244 is not resolved.

A fix if needed will come in soon enough. :wink:

Today I was offered the update from 550.120 to 550.144.03:

$ apt list nvidia-driver-550*
Auflistung… Fertig
nvidia-driver-550-open/noble-updates 550.144.03-0ubuntu0.24.04.1 amd64
nvidia-driver-550-server-open/noble-updates 550.163.01-0ubuntu0.24.04.1 amd64
nvidia-driver-550-server/noble-updates 550.163.01-0ubuntu0.24.04.1 amd64
nvidia-driver-550/noble-updates 550.144.03-0ubuntu0.24.04.1 amd64 [aktualisierbar von: 550.120-0ubuntu0.24.04.1]

Compare with what I wrote yesterday.
But see, the server drivers are already fixed with 550.163.01! Should I wait for 550.163.01 for desktop or can I switch somehow to the server variant? Update to 550.144.03 makes no sense.

The -server variant is optimized for AI processing, not sure it performs any good for desktop tasks or gaming… I’d not install it on a desktop

Mine just came in:

The following packages will be upgraded:
  linux-modules-nvidia-570-open-6.14.0-15-generic
  linux-modules-nvidia-570-open-generic
2 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 6,476 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] 

@ogra Thanks for this info that the nvidia driver on server is optimized for AI processing. Since the desktop linux kernel switched from 6.8 to 6.11 I’ve used the server linux kernel.

$ uname -a
Linux ZBookRoland 6.8.0-58-generic #60-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 14 18:29:48 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

550.144.03 for ‘Ubuntu Noble’ was in fact released just a few hours ago:

So I have to set many packages on hold:

$ apt-mark showhold
libnvidia-common-550
linux-generic-hwe-24.04
linux-headers-generic-hwe-24.04
linux-image-generic-hwe-24.04
linux-modules-nvidia-550-generic
linux-modules-nvidia-550-generic-hwe-24.04
nvidia-compute-utils-550
nvidia-driver-550
nvidia-kernel-common-550
nvidia-kernel-source-550
nvidia-utils-550
xserver-xorg-video-nvidia-550

So I keep on waiting for the desktop nvidia driver update 550.163.01. After its release I will have to switch back to the desktop linux kernel 6.11, right?
And that also means updating VMware Workstation. Sadly, I will check if their dkms now supports the 6.11 kernel series.

I’m not suggesting this for a stable environment, but the PPA driver is currently ok.

pro fix CVE-2025-23244
CVE-2025-23244: 
NVIDIA GPU Display Driver for Linux contains a vulnerability which could
allow an unprivileged attacker to escalate permissions. A successful
exploit of this vulnerability might lead to code execution, denial of
service, escalation of privileges, information disclosure, and data
tampering.
 - https://ubuntu.com/security/CVE-2025-23244

No affected source packages are installed.

✔ CVE-2025-23244 does not affect your system.
/usr/lib/python3/dist-packages/uaclient/apt.py:340: Warning: W:Unable to read /etc/apt/sources.list.d/brave-browser-release.sources - open (13: Permission denied), W:Unable to read /etc/apt/sources.list.d/surfshark.sources - open (13: Permission denied)
  dep_cache = apt_pkg.DepCache(cache)

Also I’m testing 575 currently:

 nvidia-smi
Thu May  1 11:02:39 2025       
+-----------------------------------------------------------------------------------------+
| NVIDIA-SMI 575.51.02              Driver Version: 575.51.02      CUDA Version: 12.9     |
|-----------------------------------------+------------------------+----------------------+
| GPU  Name                 Persistence-M | Bus-Id          Disp.A | Volatile Uncorr. ECC |
| Fan  Temp   Perf          Pwr:Usage/Cap |           Memory-Usage | GPU-Util  Compute M. |
|                                         |                        |               MIG M. |
|=========================================+========================+======================|
|   0  NVIDIA GeForce RTX 3050 ...    Off |   00000000:01:00.0 Off |                  N/A |
| N/A   32C    P8              3W /   60W |      15MiB /   4096MiB |      0%      Default |
|                                         |                        |                  N/A |
+-----------------------------------------+------------------------+----------------------+
                                                                                         
+-----------------------------------------------------------------------------------------+
| Processes:                                                                              |
|  GPU   GI   CI              PID   Type   Process name                        GPU Memory |
|        ID   ID                                                               Usage      |
|=========================================================================================|
|    0   N/A  N/A            4802      G   /usr/lib/xorg/Xorg                        4MiB |
+-----------------------------------------------------------------------------------------+
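
Added example (not written by any poster in this thread and not an Ubuntu tool): a Python check that parses `apt list` output like that quoted above and flags 550/570 driver packages whose installed or candidate version is below the fix versions named in the thread (550.163.01 and 570.133.07). The `FIXED` table, the function names and the way the status bracket is interpreted are assumptions of this example.

```python
import re

# Fix versions per driver branch, as named in the thread (assumption of this example).
FIXED = {"550": "550.163.01", "570": "570.133.07"}

# Sample input assembled from the `apt list` output quoted in the thread.
SAMPLE = """\
Auflistung… Fertig
nvidia-driver-550-open/noble-updates 550.144.03-0ubuntu0.24.04.1 amd64
nvidia-driver-550-server-open/noble-updates 550.163.01-0ubuntu0.24.04.1 amd64
nvidia-driver-550-server/noble-updates 550.163.01-0ubuntu0.24.04.1 amd64
nvidia-driver-550/noble-updates 550.144.03-0ubuntu0.24.04.1 amd64 [aktualisierbar von: 550.120-0ubuntu0.24.04.1]
nvidia-driver-570-server/noble-updates,noble-security 570.86.15-0ubuntu0.24.04.4 amd64
"""

# Layout matched: name/suite  version  arch  [optional status]
LINE = re.compile(r"^(nvidia-driver-(\d+)[\w-]*)/\S+\s+(\S+)\s+\S+(?:\s+\[(.*)\])?$")

def upstream(version):
    """'550.120-0ubuntu0.24.04.1' -> (550, 120): drop epoch and Ubuntu revision."""
    core = version.split(":", 1)[-1].split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))

def audit(apt_list_output, fixed=FIXED):
    """Return one row per 550/570 driver package with fixed/not-fixed flags."""
    rows = []
    for line in apt_list_output.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) not in fixed:
            continue
        pkg, branch, candidate, status = m.groups()
        need = upstream(fixed[branch])
        if status is None:            # no bracket: package not installed
            installed = None
        elif ": " in status:          # e.g. "upgradable from: X" / "aktualisierbar von: X"
            installed = status.rsplit(": ", 1)[1]
        else:                         # e.g. "[installed]" / "[installiert]"
            installed = candidate
        rows.append({
            "package": pkg, "installed": installed, "candidate": candidate,
            "installed_fixed": installed is not None and upstream(installed) >= need,
            "candidate_fixed": upstream(candidate) >= need,
        })
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```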