ZeroPath at Black Hat USA 2026

NVIDIA Linux Display Driver CVE-2026-24194: Brief Summary of a High Severity Kernel Permission Flaw

A brief summary of CVE-2026-24194, a high severity improper permission handling vulnerability in NVIDIA's Linux GPU display driver kernel mode layer, covering technical details, affected versions across R595, R580, and R535 branches, and available patch information.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-26

NVIDIA Linux Display Driver CVE-2026-24194: Brief Summary of a High Severity Kernel Permission Flaw
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A locally authenticated user with nothing more than basic shell access on a Linux system running an NVIDIA GPU can exploit a kernel mode permission handling flaw to achieve full privilege escalation, data tampering, information disclosure, and arbitrary code execution. Given that NVIDIA holds approximately 92% of the discrete GPU market and an estimated 98% of the data center GPU market, the exposure surface for CVE-2026-24194 spans a significant fraction of Linux workstations, servers, and cloud instances running GPU compute workloads.

This vulnerability, disclosed as part of NVIDIA's May 2026 GPU Display Driver security bulletin, carries a CVSS v3.1 base score of 7.8 (High) and affects three major driver branches across GeForce, RTX, Quadro, NVS, Tesla, vGPU, and Cloud Gaming product lines. Patches are available, but the fragmented branch structure creates operational complexity for large fleet operators.

Technical Information

Root Cause: CWE-281 (Improper Preservation of Permissions)

CVE-2026-24194 resides in a kernel mode layer handler of the NVIDIA Display Driver for Linux. The root cause is classified as CWE-281, which MITRE defines as occurring when "the product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended."

In this instance, the kernel mode layer handler fails to correctly maintain permission states on objects, allowing a low privilege user to perform operations that should be restricted to higher privilege levels. Because the NVIDIA kernel module operates at ring 0, a permission handling failure at this level is fundamentally different from the same weakness class in user space applications. Rather than being confined to the application's own permission scope, the flaw grants the attacker kernel level access, producing high impact across all three security properties: confidentiality, integrity, and availability.

CVSS v3.1 Vector Decomposition

The full vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which breaks down as follows:

Vector ComponentValueInterpretation
Attack Vector (AV)LocalExploitation requires local access to the target system
Attack Complexity (AC)LowNo specialized conditions needed beyond local access
Privileges Required (PR)LowAttacker needs only basic user level privileges
User Interaction (UI)NoneNo action from another user is required
Scope (S)UnchangedImpact is confined to the vulnerable component
Confidentiality (C)HighTotal information disclosure possible
Integrity (I)HighTotal or complete loss of integrity possible
Availability (A)HighTotal loss of availability possible

The combination of low attack complexity, low privilege requirements, and no user interaction makes this vulnerability accessible to any locally authenticated user on an affected system. It is worth noting that the NVD entry is currently marked "Undergoing Enrichment" with CVSS v4.0 assessment listed as N/A, so additional scoring details may emerge in subsequent updates.

Attack Flow

CWE-281 weaknesses in kernel mode drivers typically manifest when the driver fails to properly validate or enforce permission checks during operations such as memory mapping, IOCTL handling, or resource sharing between user space and kernel space. The MITRE CWE-281 catalog identifies common consequences including unauthorized read access to data, unauthorized modification of data or security critical settings, and disruption of service.

A plausible exploitation flow based on the vulnerability characteristics:

  1. Initial Access: The attacker establishes local access to a Linux system running an affected NVIDIA driver version. This could be achieved through compromised credentials, a container escape, exploitation of a separate service, or legitimate low privilege access in a multi tenant environment.

  2. Triggering the Flaw: Once authenticated as a low privilege user, the attacker interacts with the vulnerable kernel mode layer handler through the standard driver interface. The improper permission handling condition is triggered, causing objects to have less restrictive permissions than intended.

  3. Privilege Escalation and Impact: By exploiting the permission handling failure in the kernel mode context, the attacker can escalate privileges, potentially achieving root level access. The successful exploitation chain can lead to denial of service, escalation of privileges, information disclosure, data tampering, and arbitrary code execution as described in the NVD entry.

This attack flow is particularly concerning in data center and cloud environments where NVIDIA GPUs are deployed for AI and ML workloads. These systems frequently run Linux and may be accessible to multiple users or services. A foothold gained through a container escape or misconfigured service could be escalated to full system compromise via CVE-2026-24194.

Scope of Impact

Because the NVIDIA GPU driver is a proprietary, closed source kernel module, the specific vulnerable code path has not been publicly disclosed. No source level diff or commit is available. The vulnerability is strictly a Linux side flaw; the Windows driver tables in the same NVIDIA bulletin do not reference CVE-2026-24194, confirming this is isolated to the Linux kernel mode layer's permission handling logic.

Patch Information

NVIDIA addressed CVE-2026-24194 through its May 2026 GPU Display Driver Security Update (Security Bulletin a_id/5821), initially published on May 19, 2026, and revised through May 21, 2026. The fix corrects the improper permission handling logic in the kernel mode layer handler. Because NVIDIA's GPU drivers are proprietary and closed source, the patch is delivered entirely through updated binary driver packages.

Linux GPU Display Driver (GeForce, RTX, Quadro, NVS, Tesla)

Driver BranchFixed Version
R595595.71.05
R580580.159.03
R535535.309.01

All driver versions prior to those listed above in each respective branch are vulnerable. Updated drivers can be obtained from the NVIDIA Driver Downloads page.

NVIDIA vGPU Software (Linux Guest Driver)

vGPU Software Version (Fixed)Driver Version (Fixed)
20.1595.71.05
19.5580.159.03
16.14535.309.01

The vGPU Manager branches (R595, R580, R535) also list CVE-2026-24194 as addressed, meaning virtual GPU environments running Linux guests are equally covered.

NVIDIA Cloud Gaming (Linux Guest Driver)

The Cloud Gaming Linux guest driver was updated to version 595.71.05 in the April 2026 Release, resolving CVE-2026-24194 alongside several sibling CVEs.

Downstream Distribution Status

Downstream distributors are still processing updates. SUSE has flagged packages nvidia-open-driver-G06-signed and nvidia-open-driver-G07-signed as "Affected" across numerous SUSE Linux Enterprise and openSUSE Leap products, but their tracker shows the issue is still in an "Analysis" state with no SUSE specific security announcements yet issued. The GitHub Advisory Database (GHSA-p96j-2664-mgcr) currently lists patched versions as "Unknown," though it correctly cross references the NVIDIA bulletin as the primary source.

Organizations should identify which driver branch is deployed on each system to apply the correct patch, as the three branch structure requires branch specific version matching.

Affected Systems and Versions

The following products and version ranges are affected:

Linux GPU Display Driver (GeForce, RTX, Quadro, NVS, Tesla):

Product LineBranchVulnerable VersionsFixed Version
GeForce/RTX/Quadro/NVS/Tesla (Linux)R595All versions prior to 595.71.05595.71.05
GeForce/RTX/Quadro/NVS/Tesla (Linux)R580All versions prior to 580.159.03580.159.03
GeForce/RTX/Quadro/NVS/Tesla (Linux)R535All versions prior to 535.309.01535.309.01

vGPU Guest Driver (Linux):

vGPU VersionBranchVulnerable Up ToFixed Version
vGPU 20R595595.58.03 and earlier595.71.05
vGPU 19R580580.126.09 and earlier580.159.03
vGPU 16R535535.288.01 and earlier535.309.01

Cloud Gaming (Linux Guest Driver):

BranchVulnerable VersionsFixed Version
R595Up to March 2026 release595.71.05

This vulnerability does not affect any Windows driver branches. The Windows driver tables in the same NVIDIA bulletin do not reference CVE-2026-24194.

Vendor Security History

NVIDIA has a documented history of publishing regular security bulletins for its GPU display drivers, often releasing coordinated bulletins covering multiple CVEs simultaneously. The May 2026 bulletin (a_id/5821) follows this established pattern, bundling CVE-2026-24194 alongside other driver vulnerabilities in a batched disclosure approach.

A comparable example is the January 2026 security bulletin (a_id/5747), which similarly addressed multiple vulnerabilities in GPU display drivers across both Linux and Windows branches, provided branch specific fixed versions, and followed the same risk assessment framework.

The recurring nature of kernel mode layer handler vulnerabilities in NVIDIA's Linux drivers suggests a systemic attack surface in the permission handling logic of the kernel module. While NVIDIA consistently patches these issues through its coordinated disclosure process (ensuring patches are available at the time of public bulletin release), the pattern indicates that the complexity of kernel mode GPU driver code continues to introduce permission handling weaknesses. Organizations should plan for continued vulnerability disclosures in this attack surface and maintain rapid patching capabilities for NVIDIA driver updates as an ongoing operational requirement.

Tenable has published Nessus Plugin 316514 ("NVIDIA Linux GPU Display Driver (May 2026)") to detect whether a Linux host is running an affected driver version. Organizations with Tenable deployments should ensure this plugin is included in active scan policies.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization