The NVIDIA Display Driver for Windows contains a time‑of‑check/time‑of‑use race condition that an attacker can exploit to break the normal sequencing of checks and uses in the driver. This flaw permits the attacker to force the system to act on stale or invalid data, leading to denial of service, privilege escalation, information disclosure, data tampering, and arbitrary code execution. These consequences affect both user and kernel contexts, potentially enabling an attacker to gain control over the system.

The flaw impacts NVIDIA graphics drivers for Windows that support GeForce, RTX, Quadro, NVS, and Tesla GPUs, as well as the NVIDIA Guest driver and Virtual GPU Manager. The affected components run on Windows operating systems, but no specific driver or Windows version is supplied; therefore, any installation of the mentioned NVIDIA drivers is potentially vulnerable until a patch is applied.

The CVSS base score of 7.8 classifies the issue as high severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating that publicly known exploits may not yet exist. The attack vector is not explicitly stated; however, based on the fact it is a driver‑level race condition, the most likely vector would be a local exploitation scenario where the attacker has the ability to execute code in a user process that interacts with the display driver. If remote exploitation were possible, it would require complex driver manipulation. The high score and the range of potential impacts suggest that affected systems should prioritize applying the vendor’s fix as soon as it is released.