NVIDIA Product Security Update Advisory
Overview
Security updates have been released to fix vulnerabilities in NVIDIA products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-23263
NVIDIA DOCA-Host (Linux) Version: less than 2.5.4-0.0.9
NVIDIA DOCA-Host (Linux) Version: less than 2.9.3-0.2.2
NVIDIA DOCA-Host (Linux) Version: less than 3.0.0-058001
Mellanox OFED (Linux) Version: less than 5.8-7.0.6.1
Mellanox OFED (Linux) Version: less than 23.10-5.1.4.0
Mellanox OFED (Linux) Version: less than 24.10-3.2.5.0
CVE-2025-23266, CVE-2025-23267
NVIDIA Container Toolkit Version: 1.17.7 and earlier
NVIDIA Container Toolkit CDI mode version less than 1.17.5
NVIDIA GPU Operator (Linux) Version: 25.3.0 and earlier
NVIDIA GPU Operator (Linux) CDI mode version: less than 25.3.0
CVE-2025-23270
NVIDIA Jetson Orin Series JP5 (Jetson Linux) Version: 35.6.2 and earlier
NVIDIA Jetson Orin Series JP6 (Jetson Linux) Version: 36.4.4 and earlier
NVIDIA Xavier Series JP5 (Jetson Linux) Version: less than 35.6.2
IGX Orin (IGX OS) Version: less than 1.1.2
Resolved Vulnerabilities
Privilege Escalation and VLAN Denial of Service Vulnerability in the VGT+ Feature in NVIDIA DOCA-Host and Mellanox OFED (CVE-2025-23263)
Privilege escalation, data manipulation, information leakage, and denial of service vulnerability in the container initialization hook in NVIDIA Container Toolkit (CVE-2025-23266)
Data manipulation and denial of service vulnerability in the update-ldcache hook in NVIDIA Container Toolkit (CVE-2025-23267)
Code execution, data corruption, information leakage, and denial of service vulnerability in UEFI managed mode in NVIDIA Jetson Linux (CVE-2025-23270)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-23263
NVIDIA DOCA-Host Version: 2.5.4-0.0.9
NVIDIA DOCA-Host Version: 2.9.3-0.2.2
NVIDIA DOCA-Host Version: 3.0.0-058001
Mellanox OFED Version: 5.8-7.0.6.1
Mellanox OFED Version: 23.10-5.1.4.0
Mellanox OFED Version: 24.10-3.2.5.0
CVE-2025-23266, CVE-2025-23267
NVIDIA Container Toolkit Version: 1.17.8
NVIDIA GPU Operator (Linux) Version: 25.3.1
CVE-2025-23270
NVIDIA Jetson Orin Series JP5 (Jetson Linux) Version: 35.6.2
NVIDIA Jetson Orin Series JP6 (Jetson Linux) Version: 36.4.4
NVIDIA Xavier Series JP5 (Jetson Linux) Version: 35.6.2
IGX Orin (IGX OS) Version: 1.1.2
References
[1] Security Bulletin: NVIDIA DOCA-Host and Mellanox OFED – July 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5654
[2] Security Bulletin: NVIDIA Container Toolkit – July 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5659
[3] Security Bulletin: NVIDIA Jetson Orin, IGX Orin and Xavier Devices – July 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5662