Description
NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-05-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The NVIDIA Linux Display Driver contains an improper input validation flaw in the Unified Virtual Memory (UVM) subsystem. An attacker who can supply crafted input to the driver could trigger a failure that leads to a denial of service. This weakness is classified as CWE-20 and can potentially cause the driver or the host system to crash.

Affected Systems

The vulnerability applies to the NVIDIA Guest driver for Linux. No specific driver versions are listed in the advisory, so all installed instances of this driver should be considered potentially affected until a vendor update is confirmed.

Risk and Exploitability

The CVSS score of 7.1 reflects a high severity risk. The EPSS score is not available, making it difficult to estimate real‑world exploitation probability. The vulnerability is not part of the CISA KEV catalog. Based on the description, it is inferred that the attack requires local interaction with the driver, as no remote exploitation vector is described.

Generated by OpenCVE AI on May 26, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the NVIDIA Guest driver to the latest patch that addresses UVM input validation issues
  • If an update is not possible, disable or limit UVM functionality in the driver or consider removing the driver until a fix is released
  • Monitor system logs for signs of driver crashes or abnormal behavior that could indicate exploitation of the input validation flaw

Generated by OpenCVE AI on May 26, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia gpu Display Driver
CPEs cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*
cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*
Vendors & Products Nvidia gpu Display Driver

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia guest Driver
Vendors & Products Nvidia
Nvidia guest Driver

Tue, 26 May 2026 19:45:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in NVIDIA Linux Display Driver Leading to Potential Denial of Service

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Nvidia Gpu Display Driver Guest Driver
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-26T18:38:21.943Z

Reserved: 2026-01-21T19:09:34.079Z

Link: CVE-2026-24195

cve-icon Vulnrichment

Updated: 2026-05-26T18:38:17.306Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T18:16:38.490

Modified: 2026-06-11T02:58:26.680

Link: CVE-2026-24195

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:09:03Z

Weaknesses
  • CWE-20

    Improper Input Validation