CVE-2026-24197 NVIDIA CVE debrief

Who should care

Organizations running NVIDIA GPUs in Linux environments with MIG enabled, particularly cloud service providers and enterprises using GPU virtualization for AI/ML workloads, containerized applications, or multi-tenant GPU sharing configurations.

Technical summary

The vulnerability exists in the Multi-Instance GPU (MIG) partition management component of NVIDIA Display Driver for Linux. During partition reconfiguration, memory subsystem routing resources are initialized with insecure defaults. This improper initialization (CWE-1188) can lead to data corruption or system hang conditions. The attack requires local access with low privileges and no user interaction. The scope changes from the vulnerable component to other resources, with the primary impact being availability degradation through denial of service. No confidentiality or integrity impacts are indicated in the CVSS scoring.

Defensive priority

medium

Recommended defensive actions

• Review NVIDIA security bulletin for affected driver versions and apply recommended updates
• Audit Linux systems running NVIDIA Display Driver with MIG enabled for exposure
• Monitor partition reconfiguration operations for anomalous behavior or hangs
• Implement least-privilege access controls for GPU management interfaces
• Establish monitoring for unexpected GPU resource initialization failures

Evidence notes

Vulnerability disclosed via NVIDIA PSIRT and published to NVD on 2026-05-26. Official CVE record and NVD entry confirm the vulnerability details. NVIDIA security bulletin provides vendor-specific guidance.

Official resources