CVE-2026-24196

Vulnerability

An out-of-bounds read vulnerability exists in the NVIDIA Display Driver for Linux [1]. A local user can cause the driver to read beyond the bounds of an allocated buffer, leading to undefined behavior. The affected versions are not explicitly disclosed in the available references, but the driver is a standard component of NVIDIA's Linux GPU driver package.

Exploitation

Exploitation requires a local user with the ability to interact with the NVIDIA display driver, either through direct device access or through standard system calls that trigger the vulnerable code path [1]. No authentication credentials beyond a normal user account are necessary; the attacker needs to run a crafted program that sends malicious input to the driver. The exact sequence of steps is not publicly detailed in the available references.

Impact

Successful exploitation can result in denial of service (system crash or driver hang) and information disclosure, as the out-of-bounds read may leak sensitive kernel or driver memory contents [1]. The attacker does not gain code execution or privilege escalation, but the disclosed information could aid in further attacks.

Mitigation

No official fix version or patch release date has been disclosed in the available references as of the publication date [1]. Users should monitor the NVIDIA Security Bulletin page for updates. No workaround is currently available. Administrators should restrict local user access to trusted accounts only.