High-end GPUs, such as NVIDIA’s GeForce RTX 50-series, H100/A100 for AI/datacenter, and AMD’s Radeon RX 9000-series, have faced several critical security issues in 2025. These often involve driver flaws, container escapes, or inference server weaknesses, enabling risks like code execution, privilege escalation, data leakage, or denial-of-service (DoS).
Vulnerabilities are typically local (requiring user privileges) but can be remote in cloud/AI setups. Below, I summarize the most significant ones from NVIDIA and AMD, focusing on those affecting premium hardware. Always update via official channels—NVIDIA GeForce Experience/Studio Drivers or AMD Adrenalin Software—to mitigate.
NVIDIA Vulnerabilities
NVIDIA dominates high-end AI and gaming GPUs, with issues frequently tied to display drivers or AI tools like Triton Inference Server (used for scaling LLMs on RTX/H100 cards).
• Triton Inference Server DoS Flaws (December 2025): Two high-severity issues (CVSS 7.5 each) allow remote, unauthenticated attackers to crash the server via malformed inputs, disrupting AI workloads on high-end GPUs.
  • CVE-2025-33211: Improper validation of input quantity leads to DoS.
  • CVE-2025-33201: Inadequate handling of large payloads causes exceptional condition checks to fail, triggering crashes.
  • Affected: All Linux versions of Triton Inference Server before r25.10; impacts GeForce RTX, A100/H100 in production AI deployments (e.g., cloud inference for models like GPT variants).
  • Exploitation: Low complexity; send oversized/malformed payloads over the network—no privileges needed.
  • Impact: Halts inference services, potentially leaking partial data or enabling lateral movement in multi-tenant environments.
  • Mitigation: Update to r25.10+ from NVIDIA’s GitHub Releases; follow Secure Deployment Guide for API protections.
• NVIDIAScape Container Escape (July 2025): A critical flaw (CVSS 9.0) in the NVIDIA Container Toolkit allows malicious containers to escape isolation and gain root on the host.
  • CVE-2025-23266: Misconfigured OCI hooks let attackers inject via environment variables (e.g., LD_PRELOAD in a Dockerfile).
  • Affected: Toolkit v1.17.7 and earlier; GPU Operator up to 25.3.1. Hits high-end GPUs like RTX 5090 or H100 in Docker/Kubernetes for AI/ML.
  • Exploitation: Build/run a simple malicious image with --runtime=nvidia --gpus=all; loads attacker code into host processes.
  • Impact: Full host compromise in shared cloud setups—steal AI models, tamper data, or pivot to other tenants.
  • Mitigation: Upgrade Toolkit to v1.17.8+; disable enable-cuda-compat hook in config.toml or via Helm. Patch untrusted workloads first.
• GPU Display Driver Issues (October 2025): Multiple high-severity flaws in kernel-mode layers.
  • Key CVEs: CVE-2025-23309 (8.2: Uncontrolled DLL loading), CVE-2025-23282 (7.0: Race condition for escalation), CVE-2025-23280 (7.0: Use-after-free).
  • Affected: GeForce RTX 40/50-series, Quadro/RTX professional cards (Windows R580/R570/R535 branches; Linux equivalents).
  • Exploitation: Local attacks (e.g., via crafted apps) for code exec/escalation/DoS.
  • Impact: Privilege escalation or crashes on gaming/AI rigs.
  • Mitigation: Update Windows drivers to 581.42+; Linux to 580.95.05+ via NVIDIA downloads.
Earlier 2025 issues (e.g., January’s 7 driver flaws) involved buffer overflows risking data leaks on RTX/H100, but patches are mature.
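The following is an added example, not code from the original page or from NVIDIA: it audits one host and image against the CVE-2025-23266 mitigations listed above (Toolkit version, hook disabled in config.toml, LD_PRELOAD set in the image). Assumptions: the feature-flag name `disable-cuda-compat-lib-hook` is taken from NVIDIA's bulletin for this CVE rather than from this page, the `LD_AUDIT` check is an extra, and the sample config and environment list are constructed.

```python
import re

FIXED_TOOLKIT = (1, 17, 8)                  # first fixed release, per the text above
HOOK_FLAG = "disable-cuda-compat-lib-hook"  # from NVIDIA's bulletin, not this page
LOADER_VARS = ("LD_PRELOAD", "LD_AUDIT")    # LD_AUDIT is an added assumption

# Constructed samples: a config.toml fragment and an image's Config.Env list.
SAMPLE_CONFIG = """
[nvidia-container-cli]
ldconfig = "@/sbin/ldconfig"
[features]
disable-cuda-compat-lib-hook = true  # mitigation applied
"""
SAMPLE_ENV = ["PATH=/usr/local/bin:/usr/bin", "LD_PRELOAD=/opt/lib/hook.so"]

def parse_version(text):
    """'v1.17.7-1' -> (1, 17, 7); raises ValueError when no x.y.z is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())

def hook_disabled(config_toml):
    """True when [features] sets the flag to true (line scan, no TOML library)."""
    section = ""
    for raw in config_toml.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.strip("[] ")
        elif section == "features" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.strip('"') == HOOK_FLAG:
                return value == "true"
    return False

def audit(toolkit_version, config_toml, image_env):
    """Return findings for one host/image pair; an empty list means none."""
    findings = []
    if parse_version(toolkit_version) < FIXED_TOOLKIT:
        findings.append(f"toolkit {toolkit_version} is older than 1.17.8")
        if not hook_disabled(config_toml):
            findings.append("CUDA compat hook is not disabled in config.toml")
    for entry in image_env:
        name = entry.split("=", 1)[0]
        if name in LOADER_VARS:
            findings.append(f"image sets {name}")
    return findings

if __name__ == "__main__":
    for finding in audit("1.17.7", SAMPLE_CONFIG, SAMPLE_ENV):
        print(finding)
```

In practice the three inputs would come from the installed package version, the host's Container Toolkit config.toml, and the `Config.Env` field of `docker image inspect`.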
AMD Vulnerabilities
AMD’s high-end Radeon RX 9000/7000-series (e.g., RX 7900 XTX) saw driver/firmware flaws, often in virtualized or Linux environments.
• Graphics Driver Heap Overflow (August 2025): High-severity input validation failures.
  • CVE-2024-36342 (CVSS 8.8): Heap overflow in GPU driver enables arbitrary code execution.
  • CVE-2024-36312 (8.8): Improper VCN-JPEG isolation allows VM guests to read/write host memory.
  • Affected: Radeon RX 7000/9000-series (discrete high-end); also Pro W7000. Linux/Windows drivers.
  • Exploitation: Local/VM privileged access; send malformed data to driver.
  • Impact: Code exec, memory tampering, or VM escapes—critical for datacenter/gaming.
  • Mitigation: Update to Adrenalin Edition 24.10.1+ (Windows) or Radeon Software 25.10.1 (Linux); firmware via OEM BIOS.
• Client Platform Issues (August 2025): Firmware flaws indirectly hit integrated Radeon in high-end APUs (e.g., Ryzen AI 300 with 780M graphics).
  • CVE-2024-36326 (8.4): Resume-from-standby bypass in Rom Armor risks data leaks.
  • Affected: Ryzen 7000/8000-series desktops/mobiles with Radeon Graphics.
  • Mitigation: OEM PI firmware updates (e.g., StrixKrackanPI-FP8 1.1.0.0).
December 2025 reports of “leaking drivers” for AMD/NVIDIA likely relate to unpatched buffer overflows that cause information disclosure, but the available specifics point to ongoing patches for RX 9000 hangs and crashes, fixed in the Windows 11 December update.
General Advice
• Severity Trends: Most are high (7.0–9.0 CVSS), with AI-focused ones (Triton/NVIDIAScape) posing ecosystem risks due to shared infrastructure.
• Detection/Exploitation: Monitor for crashes/unusual GPU loads; tools like NVIDIA DCGM or AMD System Monitor help. No widespread exploits reported yet, but AI clouds are prime targets.
• Best Practices: Enable auto-updates, restrict VM/container privileges, and audit shared GPU access. For enterprise, subscribe to NVIDIA/AMD PSIRT alerts.