CVE-2026-24190 NVIDIA CVE debrief

Who should care

Organizations running NVIDIA Display Drivers on Windows or Linux workstations and servers, particularly those with multi-user environments or where local access cannot be fully restricted. System administrators responsible for GPU-accelerated computing environments, VDI deployments, and development workstations using NVIDIA graphics hardware.

Technical summary

This vulnerability exists in the kernel mode layer of NVIDIA Display Driver for both Windows and Linux platforms. The flaw allows a user to cause improper access to GPU resources. The CVSS 3.1 score of 7.8 (HIGH) reflects local attack vector with low attack complexity, low privileges required, and high impacts across confidentiality, integrity, and availability. The identified weakness is CWE-862 (Missing Authorization). Successful exploitation could result in multiple severe outcomes including denial of service, privilege escalation, information disclosure, data tampering, and code execution. The kernel-level nature of this vulnerability makes it particularly dangerous as it bypasses user-mode security boundaries.

Defensive priority

HIGH

Recommended defensive actions

• Apply NVIDIA security updates per vendor guidance when available
• Restrict local access to systems running affected NVIDIA Display Driver versions
• Monitor for anomalous GPU resource utilization or kernel-level activity
• Review NVIDIA security bulletin for affected driver versions and patch timeline
• Implement principle of least privilege for user accounts with local system access

Evidence notes

CVE published 2026-05-26T18:16:37.847Z; modified 2026-05-26T19:08:15.080Z. CVSS 3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. CWE-862 (Missing Authorization) identified as primary weakness. Source references include NVIDIA security bulletin.

Official resources