Threat Advisory

NVIDIA GPU Display Driver Vulnerabilities Expose Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in NVIDIA's GPU Display Driver, vGPU software, and Cloud Gaming components, affecting consumer and enterprise lines of products including GeForce, NVIDIA RTX, Quadro, NVS, and Tesla hardware. The vulnerabilities include use-after-free conditions, kernel mode layer vulnerabilities, time-of-check time-of-use vulnerabilities, heap buffer overflows, and out-of-bounds write vulnerabilities, which could lead to devastating consequences such as denial of service, escalation of privileges, information disclosure, data tampering, and arbitrary code execution. If exploited, these vulnerabilities could have significant business impacts, including disruption of critical operations, financial losses, and damage to reputation.

  • CVE-2026-24187 with a CVSS score of 8.8 – This vulnerability resides within the NVIDIA Display Driver for Linux, where a local attacker could cause a use-after-free condition, leading to devastating consequences such as denial of service, escalation of privileges, information disclosure, data tampering, and arbitrary code execution.
  • CVE-2026-24190 with a CVSS score of 7.8 – This kernel mode layer vulnerability allows users to cause improper access to GPU resources, potentially leading to code execution, data tampering, and escalation of privileges.
  • CVE-2026-24191 with a CVSS score of 7.8 – This time-of-check time-of-use vulnerability specifically in the Windows driver could be exploited to achieve privilege escalation, data tampering, and code execution.
  • CVE-2026-24192 with a CVSS score of 7.8 – This Linux driver flaw involves causing an incorrect conversion between numeric types, triggering a dangerous heap buffer overflow.
  • CVE-2026-24193 with a CVSS score of 7.8 – This out-of-bounds write vulnerability impacting both Windows and Linux drivers could result in potential denial of service, code execution, and data tampering.
  • CVE-2026-24200 with a CVSS score of 7.0 – This use-after-free for stack memory located within the GPU virtual manager could result in denial of service, code execution, and escalation of privileges.

These vulnerabilities cast a wide net across NVIDIA's entire hardware ecosystem, impacting major enterprise virtualization platforms and Cloud Gaming environments. If not addressed promptly, these vulnerabilities could have severe business consequences, including financial losses, disruption of critical operations, and damage to reputation. It is essential for administrators to refer to the specific driver versions outlined in the bulletin and patch immediately to mitigate these threats.

RECOMMENDATION:

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/nvidia-gpu-driver-security-update-cve-2026-24187-patch/
