CVE-2026-24198

Vulnerability

CVE-2026-24198 affects the NVIDIA GPU Display Driver for Linux. The vulnerability is a race condition that, under specific timing and concurrent access conditions, allows an attacker to leak sensitive memory contents. The affected driver versions are not specified in the available references [1], but the flaw exists in the Linux kernel driver component.

Exploitation

To exploit this race condition, an attacker would need local access to the system and be able to execute code with sufficient privileges to trigger the race window. The exact sequence involves concurrently accessing or modifying GPU driver memory mappings while a vulnerable code path is executing, causing a use-after-free or similar race condition that exposes sensitive kernel or driver memory. The attacker requires precise timing to win the race, which is considered an advanced exploitation technique [1].

Impact

Successful exploitation can lead to limited exposure of sensitive information to an unauthorized actor, such as kernel memory contents or driver data. This information disclosure may be combined with denial of service (system crash or hang) or data tampering (corruption of GPU driver state). The privilege level required suggests the attacker already has some access, and the impact is limited but may enable further attacks [1].

Mitigation

As of the publication date (2026-05-26), no fixed version has been disclosed in the available references [1]. Users should monitor NVIDIA's security bulletin page for driver updates. If a patch becomes available, it should be applied as soon as possible. No workarounds are mentioned in the references.