CVE-2026-24191
NVIDIA Display Driver TOCTOU Vulnerability
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | display_driver | * |
| nvidia | display_driver | From 7.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24191 is a vulnerability in the NVIDIA Display Driver for Windows that involves a time-of-check time-of-use (TOCTOU) issue. This type of vulnerability occurs when there is a race condition between checking a condition and using the result of that check, which can be exploited by an attacker.
A successful exploit of this vulnerability could allow an attacker to cause denial of service, escalate privileges, disclose sensitive information, tamper with data, or execute arbitrary code on the affected system.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including:
- Denial of Service (DoS) - causing the system or driver to become unavailable.
- Escalation of Privileges - allowing an attacker with limited access to gain higher privileges.
- Information Disclosure - exposing sensitive data to unauthorized parties.
- Data Tampering - unauthorized modification of data.
- Code Execution - running arbitrary code, potentially leading to full system compromise.