NVIDIA has rolled out a significant update to its GPU display drivers, addressing a total of 14 vulnerabilities across its product lines, including GeForce, RTX, Quadro, Tesla, NVS, vGPU, and Cloud Gaming software. This proactive measure comes in response to security concerns, with the company emphasizing the importance of applying these fixes promptly.
Details of the Vulnerabilities
The vulnerabilities identified are predominantly categorized as “high-severity.” Among them, the most critical flaw, designated as CVE‑2026‑24187, is a use-after-free bug rated 8.8 out of 10. This particular vulnerability poses serious risks, potentially allowing for code execution, privilege escalation, data theft, or even system crashes.
In its security advisory, NVIDIA highlighted that the flaws could be exploited in various ways. For instance, Linux systems are vulnerable due to improper access to GPU resources at the kernel level, while Windows systems face risks from a timing flaw that could be manipulated to disrupt normal operations.
Additionally, two vulnerabilities within NVIDIA’s Unified Virtual Memory subsystem on Linux could lead to denial-of-service attacks without requiring elevated permissions. The vGPU software, which is crucial for virtualized and cloud environments, also received essential patches for vulnerabilities found in its virtual GPU manager component.
Users can access the updated drivers through the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal, depending on their specific products. Windows users should look for driver version 569.49 or newer, while Linux users should seek version 590.48.01. It is also recommended that users maintain their antivirus programs, such as Windows Defender, to bolster their security posture.
NVIDIA expressed gratitude to several external security researchers for their responsible disclosure of these vulnerabilities, including teams from Seoul National University and Binarly Research Team. This collaborative effort underscores the importance of vigilance in cybersecurity within the tech industry.
