CVE-2026-24192
NVIDIA Linux Display Driver Type Conversion Heap Overflow
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | display_driver | *-* |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-681 | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24192 is a vulnerability in the NVIDIA Display Driver for Linux caused by an incorrect conversion between numeric types. This flaw leads to a heap buffer overflow, which occurs when more data is written to a buffer than it can hold.
An attacker exploiting this vulnerability could trigger various harmful effects including denial of service, escalation of privileges, information disclosure, data tampering, and even arbitrary code execution.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including denial of service, where the system or application becomes unavailable.
It can also allow an attacker to escalate their privileges, gaining higher access rights than intended.
Additionally, it may lead to information disclosure, exposing sensitive data, data tampering which compromises data integrity, and execution of malicious code on the affected system.