CVE-2026-24195

Vulnerability

The NVIDIA Display Driver for Linux contains a vulnerability in the UVM (Unified Virtual Memory) component [1]. Improper input validation occurs when a user interacts with the driver, allowing an attacker to trigger a denial of service condition. The vulnerability is present in the Linux driver versions prior to the fix, and the exact code path depends on the specific UVM operations invoked by the user. The CVSS v3.1 base score is 7.1 (High), indicating significant availability impact [1].

Exploitation

An attacker needs local user access to the system to exploit this vulnerability [1]. No special authentication or write access is required; the attacker only needs to cause improper input validation through a user operation (e.g., invoking a UVM function with crafted parameters). The attack does not require a race window or precise timing; it is a straightforward input validation flaw that leads to driver instability and denial of service.

Impact

A successful exploit causes denial of service for the affected system [1]. The availability impact is complete (C: None, I: None, A: High), meaning the driver crash or hang renders the system unusable until recovery. No confidentiality or integrity compromise occurs; the vulnerability solely disrupts operations.

Mitigation

NVIDIA has released a driver update to address this vulnerability [1]. Users should upgrade to the latest patched version of the NVIDIA Display Driver for Linux. No workarounds are documented; the fix is the recommended mitigation. The vulnerability is not listed in any known KEV catalog as of the publication date.