Skip to main content

NVIDIA Display Driver EUVDEUVD-2026-31920

| CVE-2026-24192 HIGH
Incorrect Conversion between Numeric Types (CWE-681)
2026-05-26 nvidia GHSA-rjxx-gv4f-wj57
7.8
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 10:22 vuln.today
CVE Published
May 26, 2026 - 17:14 nvd
HIGH 7.8

DescriptionCVE.org

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

AnalysisAI

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain local low-privileged shell
Delivery
Open NVIDIA GPU device node
Exploit
Send ioctl with crafted size field
Install
Trigger numeric misconversion (CWE-681)
C2
Overflow heap buffer in driver
Execute
Hijack control flow in driver context
Impact
Escalate to root or leak GPU memory

Vulnerability AssessmentAI

Exploitation Attacker must already have local, authenticated, low-privileged code execution on a Linux host running an affected NVIDIA Display Driver or Virtual GPU Manager build, with access to the NVIDIA GPU device interfaces (typically the /dev/nvidia* nodes that the driver exposes to user space). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H gives a base score of 7.8 and accurately reflects local, low-complexity, low-privilege exploitation with high impact across confidentiality, integrity, and availability - consistent with a kernel-adjacent driver bug usable for LPE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged local user on a Linux workstation, CI runner, ML training node, or vGPU-enabled hypervisor host issues a crafted ioctl or other request to the NVIDIA driver with size/length fields chosen to trigger the numeric type misconversion, overflowing a heap buffer inside driver memory. The attacker then leverages the corrupted kernel-adjacent state to escalate from an unprivileged shell to root, or to read sensitive data from other GPU contexts. …
Remediation Vendor-released patch: upgrade the Linux Display Driver to 535.309.01, 580.159.03, or 595.71.05 (whichever matches the deployed branch) for GeForce, RTX/Quadro/NVS, and Tesla, and update Virtual GPU Manager past vGPU 16.13 (535.x), vGPU 19.4 (580.x), or vGPU 20.0 / March 2026 release (595.x) per the NVIDIA Security Bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5821 and https://vuldb.com/vuln/365758. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all NVIDIA Display Driver instances across Linux infrastructure (GPU servers, virtual GPU hosts, graphics workstations). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Nvidia

View all
CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2026-41512 CRITICAL
9.9 May 08

Remote code execution in ai-scanner versions 1.0.0 through 1.4.0 allows authenticated attackers to inject and execute ar

CVE-2026-24178 CRITICAL
9.8 Apr 28

Authentication bypass in NVIDIA NVFlare Dashboard allows remote unauthenticated attackers to escalate privileges through

CVE-2026-24207 CRITICAL
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2026-24270 CRITICAL
9.8 Jul 01

Authentication bypass in NVIDIA AIStore, a scalable distributed object-storage framework for AI/ML data pipelines, lets

CVE-2026-55447 CRITICAL
9.6 Jun 19

Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses Base

CVE-2026-53805 CRITICAL
9.3 Jun 17

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network att

CVE-2025-33187 CRITICAL
9.3 Nov 25

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to

CVE-2025-33244 CRITICAL
9.0 Mar 24

NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch

CVE-2025-23351 CRITICAL
9.0 Jul 01

Out-of-bounds write in the command interface of NVIDIA ConnectX SmartNICs and BlueField DPUs allows a local user holding

CVE-2025-23350 CRITICAL
9.0 Jul 01

Out-of-bounds write in the command interface of NVIDIA ConnectX network adapters and BlueField DPUs allows a local user

CVE-2025-23254 HIGH
8.8 May 01

NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data vali

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed

Share

EUVD-2026-31920 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy