NVIDIA has officially rolled out a comprehensive software security update for its GPU Display Driver to address numerous vulnerabilities disclosed in its latest bulletin. To safeguard systems against these threats, users are urged to download and install this critical software update through the NVIDIA Driver Downloads page. For enterprise users running vGPU software and Cloud Gaming environments, the necessary updates are available directly through the NVIDIA Licensing Portal.
The most severe vulnerability patched in this cycle is tracked as CVE-2026-24187, which carries a high CVSS base score of 8.8. This flaw resides within the NVIDIA Display Driver for Linux, where a local attacker could cause a use-after-free condition. A successful exploit of this bug could lead to denial of service, escalation of privileges, information disclosure, data tampering, and arbitrary code execution.
Beyond the 8.8 use-after-free bug, several additional high-severity vulnerabilities, all carrying a CVSS score of 7.8, affect the Windows and Linux display drivers. These include:
- CVE-2026-24190: Found in both the Windows and Linux display drivers, this kernel mode layer vulnerability allows users to cause improper access to GPU resources. A successful exploit could lead to code execution, data tampering, and escalation of privileges.
- CVE-2026-24191: A time-of-check time-of-use vulnerability specifically in the Windows driver that an attacker could exploit to achieve privilege escalation, data tampering, and code execution.
- CVE-2026-24192: A Linux driver flaw where an attacker could cause an incorrect conversion between numeric types, triggering a dangerous heap buffer overflow.
- CVE-2026-24193: An out-of-bounds write vulnerability impacting both Windows and Linux drivers, leading to potential denial of service, code execution, and data tampering.
The update also addresses weaknesses in NVIDIA vGPU software and Cloud Gaming components. Most notably, CVE-2026-24200 (CVSS 7.0) involves a use-after-free for stack memory located within the Virtual GPU Manager. Exploiting this vGPU flaw could result in denial of service, code execution, and escalation of privileges.
These Virtual GPU Manager vulnerabilities impact major enterprise virtualization platforms. The affected operating systems include XenServer, VMware vSphere, Red Hat Enterprise Linux KVM, Ubuntu, Azure Local, and Windows Server. Furthermore, updates have been issued for Guest drivers and Virtual GPU Managers deployed in Cloud Gaming environments.
These vulnerabilities affect a wide range of NVIDIA’s hardware ecosystem. The impacted software products span consumer and enterprise lines, including GeForce, NVIDIA RTX, Quadro, NVS, and Tesla hardware. The required updates are spread across multiple core driver branches, including the R595, R590, R580, R570, and R535 lines for both Windows and Linux operating systems.
To mitigate these threats, administrators must refer to the specific driver versions outlined in the bulletin for the GPU Display Driver, vGPU Software, and Cloud Gaming components and patch immediately.
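As an added illustration of the version check described above (not code from NVIDIA or from this article), the following Python triages a Linux driver inventory against the fixed versions an administrator copies in from the bulletin. The fixed-version table and the inventory are constructed placeholders, and the code assumes that on Linux the leading number of a driver version identifies its branch.

```python
import re

# Driver branches the article names as receiving updates.
AFFECTED_BRANCHES = (595, 590, 580, 570, 535)

# CONSTRUCTED placeholders, not bulletin values: set impossibly high so every
# host is flagged until the real fixed versions are copied in from the bulletin.
PLACEHOLDER_FIXED = {b: f"{b}.999.99" for b in AFFECTED_BRANCHES}

# CONSTRUCTED inventory: "<host> <driver_version>", e.g. collected with
# nvidia-smi --query-gpu=driver_version --format=csv,noheader
SAMPLE_INVENTORY = [
    "gpu-node-01 570.99.99",
    "gpu-node-02 535.200.05",
    "gpu-node-03 550.54.14",
    "gpu-node-04 unknown",
]

def parse_version(text):
    """'570.86.15' -> (570, 86, 15). Raises ValueError on malformed input."""
    m = re.fullmatch(r"([0-9]+)\.([0-9]+)(?:\.([0-9]+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised driver version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(installed, fixed_by_branch):
    """Return 'patched', 'update' or 'check-bulletin' for one version string."""
    try:
        version = parse_version(installed)
    except ValueError:
        return "check-bulletin"
    branch = version[0]  # assumption: on Linux the major number is the branch
    if branch not in fixed_by_branch:
        return "check-bulletin"  # no fix listed for this branch: do not guess
    # Compare as integer tuples; as strings, "570.99.99" > "570.100.10".
    fixed = parse_version(fixed_by_branch[branch])
    return "patched" if version >= fixed else "update"

def triage_inventory(lines, fixed_by_branch):
    """Map each host in the inventory to its triage result."""
    report = {}
    for line in lines:
        host, _, version = line.partition(" ")
        report[host] = triage(version, fixed_by_branch)
    return report

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY, PLACEHOLDER_FIXED).items():
        print(f"{host}: {status}")
```

Hosts reported as `check-bulletin` run a branch with no entry in the table or returned an unparsable version, so they need a manual lookup rather than an assumed result.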