Description
NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
Published: 2026-05-26
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The NVIDIA Display Driver for Linux contains an out-of-bounds read flaw (CWE-125) that allows a malicious actor to read memory outside the intended bounds of the driver. This flaw can cause a denial of service by crashing the driver and can also leak sensitive memory contents, potentially exposing confidential data. An out-of-bounds read does not modify memory, but it undermines the stability and confidentiality guarantees of the GPU subsystem, which matches the C:H/I:N/A:H impact in the CVSS vector.

Affected Systems

The flaw affects all NVIDIA GPU driver families for Linux, including GeForce, RTX, Quadro, NVS, Tesla, and the Guest driver. All versions of these drivers running on Linux are potentially impacted, as no specific version exclusions are provided.

Risk and Exploitability

The CVSS score of 7.1 is rated High. Because the driver operates in kernel space, an attacker with local access can trigger the out-of-bounds read by executing code that interacts with the driver, leading to a crash or information disclosure. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation has not yet been observed. Nonetheless, as a local kernel-level flaw, the risk remains significant for devices where the user can load or interact with the driver.

Generated by OpenCVE AI on May 26, 2026 at 19:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA driver update for Linux that incorporates the fix for CVE‑2026‑24196
  • Restrict which users can load or use NVIDIA drivers by employing Linux privilege controls, such as limiting access to the /dev/nvidia* devices
  • If a patch is unavailable, block the GPU device or keep the driver's kernel modules from loading, using udev rules or the modprobe.blacklist mechanism, until a fix is released

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Nvidia gpu Display Driver |
| CPEs | | `cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:linux:*:*`, `cpe:2.3:a:nvidia:gpu_display_driver:*:*:*:*:*:windows:*:*` |
| Vendors & Products | | Nvidia gpu Display Driver |

Wed, 27 May 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Nvidia, Nvidia geforce, Nvidia guest Driver, Nvidia nvs, Nvidia quadro, Nvidia rtx, Nvidia tesla |
| Vendors & Products | | Nvidia, Nvidia geforce, Nvidia guest Driver, Nvidia nvs, Nvidia quadro, Nvidia rtx, Nvidia tesla |

Tue, 26 May 2026 19:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Out-of-Bounds Read in NVIDIA Linux Display Driver Causing DoS and Information Disclosure |

Tue, 26 May 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |

Tue, 26 May 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure. |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}` |

MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-27T15:43:31.436Z

Reserved: 2026-01-21T19:09:34.079Z

Link: CVE-2026-24196

Vulnrichment

Updated: 2026-05-26T18:37:19.411Z

NVD

Status: Analyzed

Published: 2026-05-26T18:16:38.607

Modified: 2026-06-11T02:58:48.267

Link: CVE-2026-24196

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T10:08:58Z

Weaknesses