CVE-2026-24193

Vulnerability

NVIDIA Display Driver for Windows and Linux contains an out-of-bounds write vulnerability [1]. An attacker with local access can trigger this flaw, which resides in the kernel-mode driver component. The vulnerability affects all versions of the driver available as of the publication date (2026-05-26); specific affected version ranges have not been disclosed in the available references [1].

Exploitation

To exploit this vulnerability, an attacker must have local user access to a system running an affected NVIDIA Display Driver [1]. The attacker then executes a specially crafted program or application that invokes a driver IOCTL or function call, causing the driver to write data beyond the bounds of an allocated memory buffer [1]. No additional authentication beyond standard user credentials is required, and no user interaction beyond launching the exploit is necessary.

Impact

A successful exploit allows the attacker to achieve an out-of-bounds write, which can lead to denial of service (system crash), escalation of privileges to kernel level, disclosure of sensitive information, data tampering, or arbitrary code execution in the kernel context [1]. This gives the attacker full control over the affected system.

Mitigation

No fixed version or specific patch has been disclosed in the available references as of the publication date [1]. NVIDIA has not yet released an advisory detailing a mitigation or workaround. Users are advised to monitor NVIDIA's security bulletin page for updates and apply any driver update as soon as it becomes available [1].