Description
NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Published: 2026-05-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Display Driver for Linux contains a flaw in numeric type conversion that produces an incorrect conversion between numeric types, which leads to a heap buffer overflow. The vulnerability, classified as CWE‑681, can be exploited to cause denial of service, privilege escalation, information disclosure, data tampering, and remote code execution.

Affected Systems

The flaw affects NVIDIA drivers for Linux used on GeForce, RTX, Quadro, NVS, Tesla, and the Virtual GPU Manager. No specific driver versions are listed, so all current installations that rely on these drivers are potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.8 signifies a high severity. The EPSS score is not available, and the vulnerability is not listed in KEV, implying no widespread public exploits yet. The attack vector is not explicitly stated in the advisory, but the nature of the flaw suggests that it requires execution of malformed data within a driver context, likely through a local or remote user with access to the graphics stack. This affords the attacker the opportunity to crash or compromise the host system if successful.

Generated by OpenCVE AI on May 26, 2026 at 19:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the NVIDIA Linux driver to the latest available patch that addresses the numeric type conversion error.
  • If a patch is not available, temporarily disable or remove GPU acceleration on the affected nodes, or switch to a stable open‑source driver as a workaround.
  • Apply system hardening by ensuring kernel address space layout randomization is enabled and by restricting local users from launching privileged graphical sessions.

Generated by OpenCVE AI on May 26, 2026 at 19:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia gpu Display Driver
CPEs cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Vendors & Products Nvidia gpu Display Driver

Tue, 26 May 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia geforce
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla
Nvidia virtual Gpu Manager
Vendors & Products Nvidia
Nvidia geforce
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla
Nvidia virtual Gpu Manager

Tue, 26 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Heap Buffer Overflow in NVIDIA Linux Display Driver via Incorrect Numeric Type Conversion

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Weaknesses CWE-681
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Geforce Gpu Display Driver Nvs Quadro Rtx Tesla Virtual Gpu Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-27T15:40:46.679Z

Reserved: 2026-01-21T19:09:34.079Z

Link: CVE-2026-24192

cve-icon Vulnrichment

Updated: 2026-05-26T18:38:30.847Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T18:16:38.107

Modified: 2026-06-11T02:57:10.740

Link: CVE-2026-24192

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T21:15:16Z

Weaknesses
  • CWE-681

    Incorrect Conversion between Numeric Types