Description
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
Published: 2026-05-26
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in NVIDIA’s kernel driver for Windows and Linux and allows a local user to assign incorrect permissions to a critical resource. This misassignment can lead to unauthorized modification of data and can cause the affected device or service to become unusable. The weakness is identified as a classic input validation error where the driver fails to enforce proper access control.

Affected Systems

NVIDIA products such as GeForce, RTX, Quadro, NVS, Tesla and the Guest driver are affected. The issue exists on both Windows and Linux operating systems. No specific firmware, driver, or device version information is provided in the report, so all current releases of these products should be checked for the update.

Risk and Exploitability

The CVSS score of 4.4 classifies the impact as low severity, and no EPSS score is listed, suggesting a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. Because the error stems from a local permission assignment flaw, exploitation requires local user access or the ability to load or modify kernel drivers. As such, the risk is limited to environments where privileged users or compromised accounts can interact directly with the NVIDIA kernel driver.

Generated by OpenCVE AI on May 26, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update NVIDIA drivers to the latest version available for your operating system.
  • Disable or uninstall any unused NVIDIA guest driver modules from your system.
  • Audit and enforce correct permission settings on NVIDIA kernel modules and associated critical resources.

Generated by OpenCVE AI on May 26, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia gpu Display Driver
CPEs cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Vendors & Products Nvidia gpu Display Driver

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia geforce
Nvidia guest Driver
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla
Vendors & Products Nvidia
Nvidia geforce
Nvidia guest Driver
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Nvidia Geforce Gpu Display Driver Guest Driver Nvs Quadro Rtx Tesla
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-27T15:36:35.699Z

Reserved: 2025-04-15T18:51:06.915Z

Link: CVE-2025-33221

cve-icon Vulnrichment

Updated: 2026-05-26T18:35:29.059Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T18:16:36.720

Modified: 2026-06-11T02:55:33.897

Link: CVE-2025-33221

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:08:50Z

Weaknesses
  • CWE-20

    Improper Input Validation