CVE-2026-24191
Analyzed Analyzed - Analysis Complete
NVIDIA Display Driver TOCTOU Vulnerability

Publication date: 2026-05-26

Last updated on: 2026-06-11

Assigner: NVIDIA Corporation

Description
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-06-11
Generated
2026-06-16
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-24191
EUVD
EUVD-2026-31931
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
nvidia gpu_display_driver From 595 (inc) to 595.71.05 (exc)
nvidia gpu_display_driver From 535 (inc) to 535.309.01 (exc)
nvidia gpu_display_driver From 580 (inc) to 580.159.03 (exc)
nvidia gpu_display_driver From 535 (inc) to 539.72 (exc)
nvidia gpu_display_driver From 580 (inc) to 582.53 (exc)
nvidia gpu_display_driver From 595 (inc) to 595.36 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in the NVIDIA Display Driver for Windows could lead to information disclosure and data tampering, which may impact compliance with data protection regulations such as GDPR and HIPAA. Unauthorized access or alteration of sensitive data due to this vulnerability could violate requirements for data confidentiality and integrity mandated by these standards.

However, the provided information does not explicitly detail the direct effects on compliance with specific standards or regulations.

Executive Summary

CVE-2026-24191 is a vulnerability in the NVIDIA Display Driver for Windows that involves a time-of-check time-of-use (TOCTOU) issue. This type of vulnerability occurs when there is a race condition between checking a condition and using the result of that check, which can be exploited by an attacker.

A successful exploit of this vulnerability could allow an attacker to cause denial of service, escalate privileges, disclose sensitive information, tamper with data, or execute arbitrary code on the affected system.

Impact Analysis

This vulnerability can have serious impacts including:

  • Denial of Service (DoS) - causing the system or driver to become unavailable.
  • Escalation of Privileges - allowing an attacker with limited access to gain higher privileges.
  • Information Disclosure - exposing sensitive data to unauthorized parties.
  • Data Tampering - unauthorized modification of data.
  • Code Execution - running arbitrary code, potentially leading to full system compromise.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24191. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart