Introduction
A locally authenticated user with nothing more than basic shell access on a Linux system running an NVIDIA GPU can exploit a kernel mode permission handling flaw to achieve full privilege escalation, data tampering, information disclosure, and arbitrary code execution. Given that NVIDIA holds approximately 92% of the discrete GPU market and an estimated 98% of the data center GPU market, the exposure surface for CVE-2026-24194 spans a significant fraction of Linux workstations, servers, and cloud instances running GPU compute workloads.
This vulnerability, disclosed as part of NVIDIA's May 2026 GPU Display Driver security bulletin, carries a CVSS v3.1 base score of 7.8 (High) and affects three major driver branches across GeForce, RTX, Quadro, NVS, Tesla, vGPU, and Cloud Gaming product lines. Patches are available, but the fragmented branch structure creates operational complexity for large fleet operators.
Technical Information
Root Cause: CWE-281 (Improper Preservation of Permissions)
CVE-2026-24194 resides in a kernel mode layer handler of the NVIDIA Display Driver for Linux. The root cause is classified as CWE-281, which MITRE defines as occurring when "the product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended."
In this instance, the kernel mode layer handler fails to correctly maintain permission states on objects, allowing a low privilege user to perform operations that should be restricted to higher privilege levels. Because the NVIDIA kernel module operates at ring 0, a permission handling failure at this level is fundamentally different from the same weakness class in user space applications. Rather than being confined to the application's own permission scope, the flaw grants the attacker kernel level access, producing high impact across all three security properties: confidentiality, integrity, and availability.
CVSS v3.1 Vector Decomposition
The full vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which breaks down as follows:
| Vector Component | Value | Interpretation |
|---|---|---|
| Attack Vector (AV) | Local | Exploitation requires local access to the target system |
| Attack Complexity (AC) | Low | No specialized conditions needed beyond local access |
| Privileges Required (PR) | Low | Attacker needs only basic user level privileges |
| User Interaction (UI) | None | No action from another user is required |
| Scope (S) | Unchanged | Impact is confined to the vulnerable component |
| Confidentiality (C) | High | Total information disclosure possible |
| Integrity (I) | High | Total or complete loss of integrity possible |
| Availability (A) | High | Total loss of availability possible |
The combination of low attack complexity, low privilege requirements, and no user interaction makes this vulnerability accessible to any locally authenticated user on an affected system. It is worth noting that the NVD entry is currently marked "Undergoing Enrichment" with CVSS v4.0 assessment listed as N/A, so additional scoring details may emerge in subsequent updates.
Attack Flow
CWE-281 weaknesses in kernel mode drivers typically manifest when the driver fails to properly validate or enforce permission checks during operations such as memory mapping, IOCTL handling, or resource sharing between user space and kernel space. The MITRE CWE-281 catalog identifies common consequences including unauthorized read access to data, unauthorized modification of data or security critical settings, and disruption of service.
A plausible exploitation flow based on the vulnerability characteristics:
-
Initial Access: The attacker establishes local access to a Linux system running an affected NVIDIA driver version. This could be achieved through compromised credentials, a container escape, exploitation of a separate service, or legitimate low privilege access in a multi tenant environment.
-
Triggering the Flaw: Once authenticated as a low privilege user, the attacker interacts with the vulnerable kernel mode layer handler through the standard driver interface. The improper permission handling condition is triggered, causing objects to have less restrictive permissions than intended.
-
Privilege Escalation and Impact: By exploiting the permission handling failure in the kernel mode context, the attacker can escalate privileges, potentially achieving root level access. The successful exploitation chain can lead to denial of service, escalation of privileges, information disclosure, data tampering, and arbitrary code execution as described in the NVD entry.
This attack flow is particularly concerning in data center and cloud environments where NVIDIA GPUs are deployed for AI and ML workloads. These systems frequently run Linux and may be accessible to multiple users or services. A foothold gained through a container escape or misconfigured service could be escalated to full system compromise via CVE-2026-24194.
Scope of Impact
Because the NVIDIA GPU driver is a proprietary, closed source kernel module, the specific vulnerable code path has not been publicly disclosed. No source level diff or commit is available. The vulnerability is strictly a Linux side flaw; the Windows driver tables in the same NVIDIA bulletin do not reference CVE-2026-24194, confirming this is isolated to the Linux kernel mode layer's permission handling logic.
Patch Information
NVIDIA addressed CVE-2026-24194 through its May 2026 GPU Display Driver Security Update (Security Bulletin a_id/5821), initially published on May 19, 2026, and revised through May 21, 2026. The fix corrects the improper permission handling logic in the kernel mode layer handler. Because NVIDIA's GPU drivers are proprietary and closed source, the patch is delivered entirely through updated binary driver packages.
Linux GPU Display Driver (GeForce, RTX, Quadro, NVS, Tesla)
| Driver Branch | Fixed Version |
|---|---|
| R595 | 595.71.05 |
| R580 | 580.159.03 |
| R535 | 535.309.01 |
All driver versions prior to those listed above in each respective branch are vulnerable. Updated drivers can be obtained from the NVIDIA Driver Downloads page.
NVIDIA vGPU Software (Linux Guest Driver)
| vGPU Software Version (Fixed) | Driver Version (Fixed) |
|---|---|
| 20.1 | 595.71.05 |
| 19.5 | 580.159.03 |
| 16.14 | 535.309.01 |
The vGPU Manager branches (R595, R580, R535) also list CVE-2026-24194 as addressed, meaning virtual GPU environments running Linux guests are equally covered.
NVIDIA Cloud Gaming (Linux Guest Driver)
The Cloud Gaming Linux guest driver was updated to version 595.71.05 in the April 2026 Release, resolving CVE-2026-24194 alongside several sibling CVEs.
Downstream Distribution Status
Downstream distributors are still processing updates. SUSE has flagged packages nvidia-open-driver-G06-signed and nvidia-open-driver-G07-signed as "Affected" across numerous SUSE Linux Enterprise and openSUSE Leap products, but their tracker shows the issue is still in an "Analysis" state with no SUSE specific security announcements yet issued. The GitHub Advisory Database (GHSA-p96j-2664-mgcr) currently lists patched versions as "Unknown," though it correctly cross references the NVIDIA bulletin as the primary source.
Organizations should identify which driver branch is deployed on each system to apply the correct patch, as the three branch structure requires branch specific version matching.
Affected Systems and Versions
The following products and version ranges are affected:
Linux GPU Display Driver (GeForce, RTX, Quadro, NVS, Tesla):
| Product Line | Branch | Vulnerable Versions | Fixed Version |
|---|---|---|---|
| GeForce/RTX/Quadro/NVS/Tesla (Linux) | R595 | All versions prior to 595.71.05 | 595.71.05 |
| GeForce/RTX/Quadro/NVS/Tesla (Linux) | R580 | All versions prior to 580.159.03 | 580.159.03 |
| GeForce/RTX/Quadro/NVS/Tesla (Linux) | R535 | All versions prior to 535.309.01 | 535.309.01 |
vGPU Guest Driver (Linux):
| vGPU Version | Branch | Vulnerable Up To | Fixed Version |
|---|---|---|---|
| vGPU 20 | R595 | 595.58.03 and earlier | 595.71.05 |
| vGPU 19 | R580 | 580.126.09 and earlier | 580.159.03 |
| vGPU 16 | R535 | 535.288.01 and earlier | 535.309.01 |
Cloud Gaming (Linux Guest Driver):
| Branch | Vulnerable Versions | Fixed Version |
|---|---|---|
| R595 | Up to March 2026 release | 595.71.05 |
This vulnerability does not affect any Windows driver branches. The Windows driver tables in the same NVIDIA bulletin do not reference CVE-2026-24194.
Vendor Security History
NVIDIA has a documented history of publishing regular security bulletins for its GPU display drivers, often releasing coordinated bulletins covering multiple CVEs simultaneously. The May 2026 bulletin (a_id/5821) follows this established pattern, bundling CVE-2026-24194 alongside other driver vulnerabilities in a batched disclosure approach.
A comparable example is the January 2026 security bulletin (a_id/5747), which similarly addressed multiple vulnerabilities in GPU display drivers across both Linux and Windows branches, provided branch specific fixed versions, and followed the same risk assessment framework.
The recurring nature of kernel mode layer handler vulnerabilities in NVIDIA's Linux drivers suggests a systemic attack surface in the permission handling logic of the kernel module. While NVIDIA consistently patches these issues through its coordinated disclosure process (ensuring patches are available at the time of public bulletin release), the pattern indicates that the complexity of kernel mode GPU driver code continues to introduce permission handling weaknesses. Organizations should plan for continued vulnerability disclosures in this attack surface and maintain rapid patching capabilities for NVIDIA driver updates as an ongoing operational requirement.
Tenable has published Nessus Plugin 316514 ("NVIDIA Linux GPU Display Driver (May 2026)") to detect whether a Linux host is running an affected driver version. Organizations with Tenable deployments should ensure this plugin is included in active scan policies.
References
- NVD: CVE-2026-24194
- CVE Record: CVE-2026-24194
- NVIDIA Security Bulletin: GPU Display Drivers, May 2026
- GitHub Advisory: GHSA-p96j-2664-mgcr
- SUSE CVE Tracker: CVE-2026-24194
- MITRE CWE-281: Improper Preservation of Permissions
- NVIDIA Product Security
- NVIDIA PSIRT Policies
- Tenable Nessus Plugin 316514: NVIDIA Linux GPU Display Driver (May 2026)
- Cybersecurity Help: Multiple Vulnerabilities in NVIDIA GPU Display Drivers
- NVIDIA Driver Downloads
- NVIDIA Security Bulletin: GPU Display Drivers, January 2026



