ZeroPath at Black Hat USA 2026

NVIDIA Linux Display Driver CVE-2026-24192: Heap Buffer Overflow via Numeric Type Conversion — A Brief Summary

A brief summary of CVE-2026-24192, a CVSS 7.8 heap buffer overflow in NVIDIA's Linux display driver caused by incorrect numeric type conversion. Covers affected driver branches, patch versions, detection methods, and compensating controls for environments running NVIDIA GPUs.

CVE Analysis

12 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-26

NVIDIA Linux Display Driver CVE-2026-24192: Heap Buffer Overflow via Numeric Type Conversion — A Brief Summary
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A numeric type conversion error in NVIDIA's Linux kernel mode display driver opens the door to heap buffer overflow exploitation, giving any locally authenticated user with low privileges a path to full system compromise. With NVIDIA GPUs powering roughly 85% of the discrete GPU market and the vast majority of AI accelerator infrastructure, CVE-2026-24192 has an unusually broad blast radius that extends from bare metal Linux workstations to hypervisor hosts running vGPU Manager.

This vulnerability, disclosed as part of NVIDIA's May 2026 security bulletin alongside 13 other CVEs, was discovered by JunDong Xie of Ant Group and carries a CVSS v3.1 base score of 7.8 (High). It affects three production driver branches across GeForce, RTX, Quadro, NVS, and Tesla product lines, as well as the vGPU Manager and Cloud Gaming Virtual GPU Manager components.

Technical Information

Root Cause: CWE-681 Leading to Heap Overflow

The root cause of CVE-2026-24192 is classified under CWE-681: Incorrect Conversion between Numeric Types. As the MITRE CWE definition states, "when converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values." In this vulnerability, a type conversion error within the NVIDIA kernel module produces an unexpected numeric value that is subsequently used to size or index a heap allocated buffer, resulting in a heap based buffer overflow (CWE-122).

CWE-681 sits under the broader CWE-682 (Incorrect Calculation) parent and is closely related to CWE-190 (Integer Overflow or Wraparound) and CWE-680 (Integer Overflow to Buffer Overflow). This is not an isolated pattern in NVIDIA's codebase: the same May 2026 bulletin includes a related CVE involving an "integer overflow or wraparound" in the NVIDIA kernel module, confirming that numeric type handling is a systemic concern across the driver stack.

CVSS Vector Decomposition

The CVSS v3.1 vector string is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which breaks down as follows:

CVSS MetricValueMeaning
Attack Vector (AV)LocalAttacker needs local system access
Attack Complexity (AC)LowNo special conditions or race conditions required
Privileges Required (PR)LowBasic user privileges are sufficient
User Interaction (UI)NoneNo user action needed beyond the attacker's own
Scope (S)UnchangedImpact confined to the vulnerable component
Confidentiality (C)HighTotal information disclosure possible
Integrity (I)HighTotal system integrity compromise possible
Availability (A)HighTotal system availability loss possible

The CVSS v4.0 vector, as reported by cybersecurity-help.cz, is CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear, where E:U confirms exploitation has not been reported and AT:N indicates no attack requirements beyond local access.

Exploitation Flow

The exploitation chain follows a well understood pattern for CWE-681 to CWE-122 compositions:

Step 1: Type Conversion Trigger. The attacker invokes a GPU driver operation (likely through an ioctl call to one of the /dev/nvidia* device nodes) that internally converts a value between numeric types. For example, a conversion from a larger integer type to a smaller one, or from signed to unsigned. The driver does not validate that the conversion preserves the original value's semantics.

Step 2: Value Corruption. The incorrect conversion produces a corrupted or truncated value. Converting a large unsigned 64 bit integer to a 32 bit signed integer, for instance, may truncate the upper bits, producing a small or negative value that does not match the intended buffer offset or size.

Step 3: Heap Buffer Overflow. The corrupted value is used in a subsequent memory operation on a heap allocated buffer. If the value serves as a size parameter, the allocated buffer may be too small for the data written to it. If used as an index, the write lands outside the buffer's bounds. Either way, the result is a heap overflow in kernel address space.

Step 4: Privilege Escalation. Because the NVIDIA display driver operates in kernel mode on Linux, a heap overflow in the driver's address space provides a direct path to kernel level code execution. An attacker can overwrite adjacent heap metadata or function pointers to redirect execution flow, escalating from a low privileged user to root or kernel level access.

According to NVIDIA's official bulletin, successful exploitation may lead to five distinct impact categories: denial of service, escalation of privileges, information disclosure, data tampering, and code execution. This should be treated as a full system compromise scenario rather than a single dimension risk.

High Risk Environments

The local attack vector makes this vulnerability most dangerous in environments where untrusted users have local shell access:

  • Multi tenant servers and HPC clusters where multiple users share GPU resources
  • Container hosts with GPU passthrough where a compromised container could interact with the host's GPU driver
  • Virtualization platforms using NVIDIA vGPU where the vGPU Manager runs on the hypervisor host
  • Cloud GPU instances offered by major providers (AWS, Azure, GCP) where millions of instances may run the vulnerable driver

In multi tenant cloud GPU environments, a compromised low privileged container or VM could potentially use this vulnerability to escape isolation boundaries via the shared GPU driver.

Patch Information

NVIDIA addressed CVE-2026-24192 in Security Bulletin 5821, initially published on May 19, 2026, and subsequently revised through May 21, 2026 (revision 3.0). The fix is delivered as updated GPU display driver binaries. Since NVIDIA's kernel mode driver is proprietary, there is no source level patch to inspect. The remediation corrects the numeric type conversion logic inside the driver's kernel mode layer, ensuring buffer sizes are computed with the correct numeric type widths and preventing the overflow condition.

Linux GPU Display Driver Patched Versions

Driver BranchAffected VersionsPatched Version
R595All prior to 595.71.05595.71.05
R580All prior to 580.159.03580.159.03
R535All prior to 535.309.01535.309.01

These apply uniformly to GeForce, NVIDIA RTX/Quadro/NVS, and Tesla product lines on Linux.

vGPU Manager Patched Versions

Driver BranchvGPU Software VersionPatched Driver Version
R59520.1595.71.03
R58019.5580.159.01
R53516.14535.309.01

Cloud Gaming Virtual GPU Manager

The fix ships in the April 2026 Release with driver version 595.71.03 for Red Hat Enterprise Linux KVM and VMware vSphere.

Important Notes

The R570 driver series is End of Life and will not receive a patch for this vulnerability. Users on that branch must upgrade to R535 or a newer supported series.

NVIDIA corrected the original advisory in revision 2.0 to remove an erroneous R570 mention for Linux and replaced R590 references with R595 along with updated driver versions. Administrators referencing early copies of the bulletin should consult the latest revision.

For vGPU environments, the Virtual GPU Manager must be updated on the hypervisor host in addition to the guest driver. The vGPU Manager fix versions differ slightly from the guest driver versions (for example, R595 vGPU Manager is 595.71.03 versus guest driver 595.71.05). Coordination between hypervisor and guest driver updates is necessary.

Standalone display driver updates are available via the NVIDIA Driver Downloads page, while vGPU and Cloud Gaming updates are distributed through the NVIDIA Licensing Portal.

Detection Methods

Automated Scanning with Tenable Nessus

Two Tenable Nessus plugins released on May 22, 2026 directly cover CVE-2026-24192:

Nessus Plugin 316514 ("NVIDIA Linux GPU Display Driver (May 2026)") is a local check (NASL file: nvidia_unix_2026_5.nasl) that runs via the Nessus Agent on Linux systems. It checks for CVE-2026-24192 among several other CVEs addressed in the May 2026 bulletin. The plugin relies on the application's self reported version number, requiring the knowledge base items NVIDIA_UNIX_Driver/Version and NVIDIA_UNIX_Driver/GPU_Model to be populated. It carries a CVSS v3 base score of 8.8 (High) and is tagged with IAVA 2026-A-0493.

Nessus Plugin 316512 ("NVIDIA Virtual GPU Manager Multiple Vulnerabilities (May 2026)") covers CVE-2026-24192 in the context of vGPU Manager deployments (NASL file: nvidia_vgpu_2026_5.nasl). This plugin is agent based and relies on the self reported version of the NVIDIA Virtual GPU Manager software. It is especially relevant for virtualized GPU environments running on VMware vSphere, Red Hat Enterprise Linux KVM, XenServer, and Ubuntu. Tenable explicitly notes "No known exploits are available" for the vulnerabilities this plugin covers.

Manual Version Verification

For organizations not running Nessus, manual version verification is straightforward. Administrators can determine the currently installed driver version by running:

nvidia-smi

or by reading:

cat /proc/driver/nvidia/version

Compare the output against the fixed version thresholds documented in the NVIDIA Security Bulletin. Any version prior to 595.71.05 (R595), 580.159.03 (R580), or 535.309.01 (R535) is affected for standalone Linux drivers. For vGPU Manager installations, the fixed versions are 595.71.03 (R595), 580.159.01 (R580), and 535.309.01 (R535).

Why No Exploit Detection Signatures Exist

No exploit specific IoCs, YARA rules, Sigma rules, or network based IDS signatures have been published for CVE-2026-24192. This is expected for several reasons: the vulnerability has a local attack vector, making network layer detection via Snort or Suricata fundamentally inapplicable. The underlying weakness is a numeric type conversion error leading to a heap overflow within the kernel mode driver, and without a public proof of concept, there are no characteristic crash patterns, kernel log signatures, or behavioral indicators to write host based detection rules around. No entries for this CVE were found in the SigmaHQ rule repository or Neo23x0's signature base YARA collection.

Government and DoD Environments

The IAVA identifier 2026-A-0493 (referenced by both Nessus plugins) can be used to track compliance and remediation status through standard vulnerability management workflows.

Affected Systems and Versions

The vulnerability affects the NVIDIA Display Driver for Linux across three driver branches and multiple product lines, as well as the NVIDIA vGPU software and Cloud Gaming Virtual GPU Manager.

Linux GPU Display Driver

Product LineDriver BranchVulnerable VersionsFixed Version
GeForce, NVIDIA RTX, Quadro, NVS, TeslaR595All versions prior to 595.71.05595.71.05
GeForce, NVIDIA RTX, Quadro, NVS, TeslaR580All versions prior to 580.159.03580.159.03
GeForce, NVIDIA RTX, Quadro, NVS, TeslaR535All versions prior to 535.309.01535.309.01

vGPU Manager (XenServer, VMware vSphere, RHEL KVM, Ubuntu)

Driver BranchVulnerable VersionsFixed Version
R595All versions prior to 595.58.02595.71.03
R580All versions prior to 580.126.08580.159.01
R535All versions prior to 535.288.01535.309.01

Cloud Gaming Virtual GPU Manager (RHEL KVM, VMware vSphere)

Fixed in the April 2026 Release with driver version 595.71.03.

The R535 branch is the long term support branch used extensively in enterprise and data center environments, meaning the vulnerability has especially broad reach in production GPU compute infrastructure. The R570 driver series is End of Life and will not receive a patch; users on that branch must migrate to R535 or newer.

Vendor Security History

NVIDIA's security bulletin cadence reveals a recurring pattern of numeric handling and input validation weaknesses in the GPU display driver codebase. The May 2026 bulletin addresses 14 CVEs across Windows and Linux drivers. The July 2025 bulletin addressed CVE-2025-23276 through CVE-2025-23288, a set of 13 CVEs, reflecting what ZeroPath described as "ongoing security challenges in complex" driver software. The January 2026 bulletin similarly addressed multiple vulnerabilities.

The recurrence of similar CWE classes across multiple bulletins is notable. Improper index validation, integer overflow, and incorrect numeric type conversion appear repeatedly, suggesting that NVIDIA's driver code has systemic weaknesses in input validation and numeric type handling within the kernel mode layer. The same May 2026 bulletin includes CVE-2026-24187, rated CVSS 8.8, with SecurityOnline reporting a CVSS v4.0 exploitation maturity of "Proof of Concept," indicating that at least one other vulnerability in this batch may already have exploit code in circulation.

The discovery of CVE-2026-24192 by an external researcher (JunDong Xie of Ant Group) rather than NVIDIA's internal security team raises questions about the effectiveness of NVIDIA's internal secure development lifecycle for the Linux driver stack. While NVIDIA has improved its disclosure processes, including the move to GitHub based bulletins in machine readable formats since October 2025, the vulnerability patterns indicate that proactive code auditing for numeric type safety in kernel modules may need strengthening.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization