PatchSiren cyber security CVE debrief
CVE-2026-24196 NVIDIA CVE debrief
A high-severity vulnerability in NVIDIA Display Driver for Linux allows local attackers to trigger out-of-bounds reads, potentially causing denial of service and information disclosure. The vulnerability requires local access with low privileges and no user interaction, making it exploitable by authenticated users on affected systems. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) indicates high impacts to confidentiality and availability, with no integrity impact. The root cause is classified as CWE-125 (Out-of-bounds Read). NVIDIA has published security guidance through their customer help portal. As of publication, this vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog, and no known ransomware campaign use has been reported.
- Vendor: NVIDIA
- Product: GeForce
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-26
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-26
- Advisory updated: 2026-05-26
Who should care
Linux system administrators running NVIDIA Display Driver in multi-user environments, security teams managing GPU-accelerated workstations and servers, organizations with untrusted local user access requirements, and compliance teams tracking high-severity kernel/driver vulnerabilities.
Technical summary
CVE-2026-24196 is an out-of-bounds read vulnerability in NVIDIA Display Driver for Linux. The flaw allows a local, low-privileged attacker to read memory outside intended boundaries without user interaction. Successful exploitation can result in system crashes (denial of service) and exposure of sensitive information from kernel or driver memory. The vulnerability is classified under CWE-125 and carries a CVSS 3.1 score of 7.1 (HIGH), with high impacts to confidentiality and availability. Attack complexity is low, and the attack vector is local, requiring authenticated access but no user interaction.
Defensive priority
high
Recommended defensive actions
- Apply NVIDIA security updates as specified in the vendor security bulletin when available
- Monitor NVIDIA security advisory portal for driver update notifications
- Restrict local access to systems running affected NVIDIA Display Driver versions
- Review system logs for anomalous activity from local user accounts
- Assess systems running NVIDIA Display Driver on Linux for exposure to untrusted local users
Evidence notes
CVE description confirms out-of-bounds read in NVIDIA Display Driver for Linux with denial of service and information disclosure impacts. CVSS 3.1 score of 7.1 (HIGH) reflects local attack vector with high confidentiality and availability impacts. CWE-125 classification indicates classic out-of-bounds read vulnerability. Source references include NVIDIA's official security advisory portal (nvidia.custhelp.com).
Official resources
- CVE-2026-24196 CVE record (CVE.org)
- CVE-2026-24196 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
NVIDIA disclosed this vulnerability on 2026-05-26 through their PSIRT and NVD. The vendor advisory provides technical details and remediation guidance.