Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service.
AnalysisAI
Race condition exploitation in NVIDIA Display Driver's Linux kernel module allows a local authenticated user to cause denial of service by manipulating compiler or processor memory instruction ordering. Affected product lines span GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest Driver across multiple driver branches up to the March 2026 release. No active exploitation has been confirmed - this is not listed in CISA KEV, EPSS is 0.01% (1st percentile), and SSVC assessment classifies exploitation status as none - placing this firmly in a patch-and-monitor category rather than emergency response.
Technical ContextAI
The vulnerability (CWE-362: Concurrent Execution Using Shared Resource with Improper Synchronization) exists in a kernel module component of the NVIDIA Display Driver for Linux. The root cause is inadequate memory barrier or synchronization primitive usage, allowing the compiler or CPU to reorder memory access instructions in a way that creates a time-of-check/time-of-use (TOCTOU)-style race window. Under Linux, kernel modules execute with elevated privileges, and a user-space process that can interact with the driver's IOCTL or memory-mapped interfaces may be able to trigger this window by racing concurrent operations. Affected CPE entries confirm the scope: cpe:2.3:a:nvidia:geforce, cpe:2.3:a:nvidia:rtx,_quadro,_nvs, cpe:2.3:a:nvidia:tesla, and cpe:2.3:a:nvidia:guest_driver - spanning consumer, workstation, datacenter, and virtualization driver stacks on Linux.
RemediationAI
A vendor-released patch is available per the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5821. Administrators should upgrade to the following fixed versions based on their driver branch: GeForce, RTX/Quadro/NVS, and Tesla users on the R580 branch should upgrade to 580.159.03 or later; those on the R535 long-term branch should upgrade to 535.309.01 or later; those on the R595 branch should upgrade to 595.71.05 or later. For vGPU deployments, Virtual GPU Manager and Guest Driver users on vGPU 19.x should upgrade to the post-vGPU 19.4 release (580.126.08 / 580.126.09 or later), and those on vGPU 16.x should upgrade beyond vGPU 16.13 (535.288.01 or later). As a compensating control where immediate patching is not possible, restrict local interactive access to Linux systems hosting NVIDIA GPUs to trusted users only, and consider disabling GPU-accelerated workloads for untrusted user accounts - note this may impact legitimate compute workloads. In multi-tenant cloud or VDI environments, priority should be placed on the vGPU Manager and Guest Driver branches given the higher exposure surface.
Same weakness CWE-362 – Race Condition
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Micro 5.3 | Fixed |
| SUSE Linux Enterprise Micro 5.4 | Fixed |
| SUSE Linux Enterprise Micro 5.5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Public Cloud 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.0 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.1 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
| SUSE Linux Micro 6.2 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Public Cloud 15 SP6 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap Micro 5.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31925
GHSA-rcj6-p7vw-pm6c