CVE-2026-24198 - Vulnerability Details

- Race Condition in NVIDIA Linux GPU Drivers Allows Limited Memory Leakage

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure.

Published: 2026-05-26

Score: 5.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a race condition in NVIDIA’s Linux GPU display driver. When triggered by an advanced attacker, it can cause the driver to expose bits of sensitive memory. The leakage is limited in scope but could allow an unauthorized actor to gather confidential data. An attacker who successfully exploits the race condition may also induce denial of service or attempt data tampering, as the driver may become unstable or behave unpredictably.

Affected Systems

The issue applies to NVIDIA GPU drivers for Linux across several product lines, including GeForce, RTX, Quadro, NVS and Tesla. Specific version information was not disclosed, so all drivers that match these vendor/product categories should be evaluated for the presence of the race condition.

Risk and Exploitability

The CVSS score of 5.6 indicates a moderate severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation is not yet documented. The attack vector is inferred to be local or advanced, relying on an attacker’s ability to manipulate race timing within the driver. Because the weakness is CVE‑200 (Information Exposure through Private Data), the attack is primarily aimed at leaking private data rather than executing arbitrary code.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NVIDIA

GeForce

unaffected

Version	Status	Constraints
`All driver versions prior to 595.71.05`	affected	—

NVIDIA

GeForce

unaffected

Version	Status	Constraints
`All driver versions prior to 580.159.03`	affected	—

NVIDIA

NVIDIA RTX, Quadro, NVS

unaffected

Version	Status	Constraints
`All driver versions prior to 595.71.05`	affected	—

NVIDIA

NVIDIA RTX, Quadro, NVS

unaffected

Version	Status	Constraints
`All driver versions prior to 580.159.03`	affected	—

NVIDIA

Tesla

unaffected

Version	Status	Constraints
`All driver versions prior to 595.71.05`	affected	—

NVIDIA

Tesla

unaffected

Version	Status	Constraints
`All driver versions prior to 580.159.03`	affected	—

No data.

Vendor Product Confidence Versions

Nvidia

Geforce

100%

Version	Status	Scheme	Platform
`[0,595.71.05)`	affected	semver	['linux(r595)']

Nvidia

Geforce

100%

Version	Status	Scheme	Platform
`[0,580.159.03)`	affected	semver	['linux(r580)']

Nvidia

Nvs

95%

Version	Status	Scheme	Platform
`[0,595.71.05)`	affected	semver	['linux(r595)']

Nvidia

Nvs

95%

Version	Status	Scheme	Platform
`[0,580.159.03)`	affected	semver	['linux(r580)']

Nvidia

Quadro

95%

Version	Status	Scheme	Platform
`[0,595.71.05)`	affected	semver	['linux(r595)']

Nvidia

Quadro

95%

Version	Status	Scheme	Platform
`[0,580.159.03)`	affected	semver	['linux(r580)']

Nvidia

Rtx

95%

Version	Status	Scheme	Platform
`[0,595.71.05)`	affected	semver	['linux(r595)']

Nvidia

Rtx

95%

Version	Status	Scheme	Platform
`[0,580.159.03)`	affected	semver	['linux(r580)']

Nvidia

Tesla

100%

Version	Status	Scheme	Platform
`[0,595.71.05)`	affected	semver	['linux(r595)']

Nvidia

Tesla

100%

Version	Status	Scheme	Platform
`[0,580.159.03)`	affected	semver	['linux(r580)']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update NVIDIA Linux GPU drivers to the latest release that incorporates the race condition fix
Configure kernel and driver memory protection to isolate GPU memory from non‑privileged processes
Apply SELinux or AppArmor profiles to restrict the driver’s memory access and reduce the impact of potential leaks
Monitor system logs for abnormal memory access or service interruptions that may indicate exploitation attempts

Generated by OpenCVE AI on May 26, 2026 at 19:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0017.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2026-24198
https://nvidia.custhelp.com/app/answers/detail/a_id/5821
https://www.cve.org/CVERecord?id=CVE-2026-24198

History

Tue, 26 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia Nvidia geforce Nvidia nvs Nvidia quadro Nvidia rtx Nvidia tesla
Vendors & Products		Nvidia Nvidia geforce Nvidia nvs Nvidia quadro Nvidia rtx Nvidia tesla

Tue, 26 May 2026 19:45:00 +0000

Type	Values Removed	Values Added
Title		Race Condition in NVIDIA Linux GPU Drivers Allows Limited Memory Leakage

Tue, 26 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 26 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure.
Weaknesses		CWE-200
References		https://nvd.nist.gov/vuln/detail/CVE-2026-24198 https://nvidia.custhelp.com/app/answers/detail/a_id/5821 https://www.cve.org/CVERecord?id=CVE-2026-24198
Metrics		cvssV3_1 `{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H'}`

Subscriptions

Nvidia Geforce Nvs Quadro Rtx Tesla

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2026-05-26T17:17:54.052Z

Updated: 2026-05-27T15:44:45.771Z

Reserved: 2026-01-21T19:09:34.079Z

Link: CVE-2026-24198

Vulnrichment

Updated: 2026-05-26T18:37:46.995Z

NVD

Status : Awaiting Analysis

Published: 2026-05-26T18:16:38.860

Modified: 2026-06-17T10:22:46.867

Link: CVE-2026-24198

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T20:30:14Z

Weaknesses

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object