Description
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Published: 2026-05-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in the NVIDIA Display Driver for Windows and Linux, classified as CWE‑787. A successful exploitation can lead to denial of service, escape from kernel mode, data tampering, information disclosure and arbitrary code execution. The driver can become a vector for privilege escalation when an attacker has the ability to supply malicious graphics data or control the driver’s memory handling routines. Based on the description, it is inferred that the flaw is exploitable during normal driver operation without requiring any special privileges beyond those held by the user running the graphics stack.

Affected Systems

NVIDIA GeForce, RTX, Quadro, NVS and Tesla series GPUs are impacted through their Windows and Linux display drivers. All driver releases documented before the fix are potentially vulnerable, regardless of the specific vendor model. No version range is listed, so any installation of the affected driver families should be reviewed.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, and the KEV catalog lists this vulnerability as not yet exploited in the wild. EPSS data is not available, so the likelihood of exploitation cannot be quantified, but based on the description, it is inferred that the flaw’s nature and the critical operating system components it touches imply a non‑negligible risk. Based on the description, it is also inferred that attackers would likely need local access and the ability to interact with the graphics driver, making the vector more of a high‑privilege or trusted‑process issue than a remote network exploit.

Generated by OpenCVE AI on May 26, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the NVIDIA GPU driver to the latest version that incorporates the out‑of‑bounds write fix, as announced on NVIDIA’s support pages or the referenced advisories.
  • If an immediate driver update is not feasible, restrict the privileges of processes that load the NVIDIA driver, disable auto‑start of the driver during boot, and apply the principle of least privilege to any accounts that can load kernel modules.
  • Enable all operating‑system security hardening features—such as address space layout randomization, W^X protection, and kernel patch enforcement—to reduce the success probability of any remaining exploitation attempts.

Generated by OpenCVE AI on May 26, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia gpu Display Driver
CPEs cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Vendors & Products Nvidia gpu Display Driver

Tue, 26 May 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia geforce
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla
Vendors & Products Nvidia
Nvidia geforce
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla

Tue, 26 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title NVIDIA Display Driver Out-of-Bounds Write Allows Privilege Escalation

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Geforce Gpu Display Driver Nvs Quadro Rtx Tesla
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-27T15:41:19.055Z

Reserved: 2026-01-21T19:09:34.079Z

Link: CVE-2026-24193

cve-icon Vulnrichment

Updated: 2026-05-26T18:37:05.787Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T18:16:38.237

Modified: 2026-06-11T02:57:20.220

Link: CVE-2026-24193

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T20:45:06Z

Weaknesses