CVE-2026-24197

Vulnerability

The vulnerability resides in the Multi-Instance GPU (MIG) partition management code of the NVIDIA Display Driver for Linux. During partition reconfiguration, the driver uses an insecure default initialization for memory subsystem routing resources. Affected versions are not explicitly listed in the available references, but the driver must be installed on a system with MIG-capable hardware. A local attacker with access to reconfigure MIG partitions can trigger the flaw.

Exploitation

The attacker must have local access to the system and the ability to trigger a MIG partition reconfiguration. This requires sufficient privileges to interact with the NVIDIA driver (e.g., root or the nvidia-mig-mgr service). By initiating a partition reconfiguration sequence, the insecure default initialization of memory routing resources is exercised, potentially leading to data corruption or a system hang.

Impact

Successful exploitation leads to denial of service via a system hang or data corruption within the GPU memory space. The CVSS v3 base score is 6.5 (Medium). The impact is confined to availability and integrity of the GPU subsystem; data confidentiality is not directly affected per the description [1].

Mitigation

No official fix version or release date is provided in the available references. NVIDIA has not yet published a security bulletin or updated driver version addressing this specific CVE. Users should monitor NVIDIA's security advisory page for future updates. No workaround is documented in the supplied materials [1].