Description
NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Published: 2026-05-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA’s Linux display driver contains an access‑control flaw in a kernel mode layer handler, where improper permission checks can be abused. A successful exploitation may allow an attacker to cause a denial of service, elevate privileges, disclose sensitive information, tamper with data, and execute arbitrary code. The flaw is classified as CWE‑281 (Access Control Errors).

Affected Systems

All NVIDIA Linux GPU products listed as affected—GeForce, RTX, Quadro, NVS, Tesla, and the Guest driver—are vulnerable. The current information does not specify affected driver versions, so any installation of these drivers on Linux should be considered at risk.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score is not available and the vulnerability is not yet catalogued in CISA’s KEV list, yet the potential for privilege escalation and code execution remains serious. The attack vector is inferred to be local, as the flaw resides in kernel‑mode code, but an attacker with kernel or privileged user access could leverage it to compromise the entire system.

Generated by OpenCVE AI on May 26, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA driver update that patches the kernel mode layer handler
  • If a patch is not yet available, unload or disable the vulnerable NVIDIA driver module and restrict access to /dev/nvidia* device files
  • Use secure device access controls (SELinux/AppArmor) and limit GPU driver usage to trusted users only

Generated by OpenCVE AI on May 26, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia gpu Display Driver
CPEs cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Vendors & Products Nvidia gpu Display Driver

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia geforce
Nvidia guest Driver
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla
Vendors & Products Nvidia
Nvidia geforce
Nvidia guest Driver
Nvidia nvs
Nvidia quadro
Nvidia rtx
Nvidia tesla

Wed, 27 May 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Linux NVIDIA Display Driver Kernel Permission Flaw Enables Privilege Escalation

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Weaknesses CWE-281
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Geforce Gpu Display Driver Guest Driver Nvs Quadro Rtx Tesla
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-27T15:41:55.643Z

Reserved: 2026-01-21T19:09:34.079Z

Link: CVE-2026-24194

cve-icon Vulnrichment

Updated: 2026-05-26T18:36:25.593Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T18:16:38.367

Modified: 2026-06-11T02:57:27.563

Link: CVE-2026-24194

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:08:53Z

Weaknesses
  • CWE-281

    Improper Preservation of Permissions