CVE-2026-24182 Overview
CVE-2026-24182 affects the NVIDIA Display Driver for Windows and Linux. The flaw allows an authenticated local attacker to leak held driver locks, which can result in denial of service across affected systems. The issue is categorized under [CWE-667] Improper Locking and impacts the scope beyond the vulnerable component, meaning a non-privileged local user can disrupt resources managed by the driver. NVIDIA has published a technical support advisory describing the affected products and fixed driver branches.
Critical Impact
A local low-privileged user can leak held driver locks in the NVIDIA Display Driver, causing high-impact denial of service on Windows and Linux endpoints running GPU workloads.
Affected Products
- NVIDIA Display Driver for Windows
- NVIDIA Display Driver for Linux
- Refer to the NVIDIA Technical Support Answer for specific driver branches and fixed versions
Discovery Timeline
- 2026-05-26 - CVE-2026-24182 published to NVD
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2026-24182
Vulnerability Analysis
The vulnerability resides in lock management logic within the NVIDIA Display Driver. Under specific conditions, the driver fails to release locks that it acquires during normal operation. A local attacker with low privileges can repeatedly trigger the affected code path to leak these locks. Over time, held locks block legitimate threads and kernel components that require the same synchronization primitives. The result is resource starvation and a denial of service condition. Because the vulnerability has a changed scope, the impact extends past the driver boundary and can disrupt other components relying on GPU services. No confidentiality or integrity loss is associated with this issue, which is consistent with a pure availability bug.
Root Cause
The root cause is improper locking [CWE-667] inside the NVIDIA Display Driver. Specific execution paths allow a caller to acquire a driver lock without a guaranteed release path. Repeated invocation causes locks to remain held indefinitely, blocking dependent kernel and user-mode operations.
Attack Vector
Exploitation requires local access and low privileges. No user interaction is needed. The attacker invokes the affected driver interfaces from a standard user context and triggers the lock-leak condition. The NVIDIA Display Driver is widely deployed on workstations, gaming systems, and Linux compute hosts, expanding the relevant attack surface. The vulnerability is not network-reachable and is not listed in the CISA Known Exploited Vulnerabilities catalog.
No public proof-of-concept exploit is available. Refer to the NVD CVE-2026-24182 Detail and the NVIDIA Technical Support Answer for vendor-supplied technical details.
Detection Methods for CVE-2026-24182
Indicators of Compromise
- Repeated hangs or unresponsiveness in GPU-dependent applications and services on hosts running affected NVIDIA drivers.
- Kernel logs or Windows Event Viewer entries showing stalled threads waiting on driver synchronization objects related to nvlddmkm (Windows) or nvidia.ko (Linux).
- Unexpected display driver timeouts or TDR (Timeout Detection and Recovery) events occurring after unprivileged user activity.
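One way to check Linux kernel logs for the stalled-thread indicator above, as an added example that is not part of the vendor advisory. It assumes the kernel hung-task detector is enabled and logs in its usual "blocked for more than N seconds" format; the sample log and the symbol names in it are constructed.

```python
import re

# Constructed kernel-log sample (not from a real host); the symbol names in
# the [nvidia*] frames are placeholders, not real driver functions.
SAMPLE_DMESG = """\
[ 8120.101] INFO: task Xorg:1523 blocked for more than 120 seconds.
[ 8120.102]       Tainted: P           OE      6.5.0-example #1
[ 8120.103] Call Trace:
[ 8120.104]  __schedule+0x2cb/0x750
[ 8120.105]  schedule+0x63/0x110
[ 8120.106]  down+0x47/0x60
[ 8120.107]  nv_placeholder_lock+0x30/0x40 [nvidia]
[ 8120.108]  nv_placeholder_ioctl+0x1a/0x90 [nvidia]
[ 8125.200] INFO: task kworker/3:1:88 blocked for more than 120 seconds.
[ 8125.201] Call Trace:
[ 8125.202]  __schedule+0x2cb/0x750
[ 8125.203]  io_schedule+0x46/0x80
[ 8125.204]  ext4_example_wait+0x10/0x20 [ext4]
[ 8243.300] INFO: task python3:4410 blocked for more than 241 seconds.
[ 8243.301] Call Trace:
[ 8243.302]  schedule+0x63/0x110
[ 8243.303]  nv_placeholder_lock+0x30/0x40 [nvidia_uvm]
"""

# Task names may contain ':' (kworker/3:1), so the PID is the last ':<digits>'.
HUNG = re.compile(r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
FRAME = re.compile(r"\s(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+ \[(?P<mod>\w+)\]")
NVIDIA_MODULES = {"nvidia", "nvidia_uvm", "nvidia_modeset", "nvidia_drm"}


def nvidia_hung_tasks(log_text):
    """Return hung-task reports whose call trace passes through an NVIDIA module."""
    reports, current = [], None
    for line in log_text.splitlines():
        m = HUNG.search(line)
        if m:
            current = {"comm": m["comm"], "pid": int(m["pid"]),
                       "secs": int(m["secs"]), "frames": []}
            reports.append(current)
            continue
        f = FRAME.search(line)
        if f and current is not None and f["mod"] in NVIDIA_MODULES:
            current["frames"].append(f"{f['sym']} [{f['mod']}]")
    # Hung tasks with no NVIDIA frame (for example I/O stalls) are dropped.
    return [r for r in reports if r["frames"]]


if __name__ == "__main__":
    for r in nvidia_hung_tasks(SAMPLE_DMESG):
        print(f"{r['comm']} pid={r['pid']} blocked>{r['secs']}s via {r['frames']}")
```

A hit shows only that a task stalled inside the driver stack; correlate it with the installed driver version and recent unprivileged activity before treating it as this CVE.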
Detection Strategies
- Monitor for unprivileged processes making high-frequency ioctl or DeviceIoControl calls to NVIDIA driver device objects.
- Correlate user-mode process activity with kernel-mode lock contention metrics where available through performance counters.
- Baseline GPU driver behavior and alert on sustained increases in kernel CPU time or blocked thread counts tied to the NVIDIA driver stack.
Monitoring Recommendations
- Track installed NVIDIA driver versions across the fleet and compare against the fixed branches listed in the NVIDIA advisory.
- Enable endpoint telemetry that captures driver crashes, system hangs, and kernel watchdog events for centralized analysis.
- Review logs from multi-user systems such as VDI hosts and Linux compute nodes, where local DoS impact is most pronounced.
How to Mitigate CVE-2026-24182
Immediate Actions Required
- Inventory all Windows and Linux endpoints running NVIDIA Display Drivers and identify versions outside the fixed branches.
- Apply the updated NVIDIA Display Driver as published in the NVIDIA Technical Support Answer.
- Prioritize multi-tenant systems, virtual desktop infrastructure, and shared Linux compute nodes where local users are present.
Patch Information
NVIDIA has published fixed driver versions in its security bulletin. Consult the NVIDIA Technical Support Answer for the exact patched branches for Windows and Linux. Apply vendor-supplied driver updates through standard software distribution channels and validate post-install driver versions.
Workarounds
- Restrict local interactive logon on sensitive systems to trusted administrators until patches are applied.
- Limit access to NVIDIA driver device interfaces on Linux through stricter file permissions on /dev/nvidia* where operationally feasible.
- Reboot affected hosts to recover from a triggered lock-leak condition while patch deployment is in progress.
# Verify installed NVIDIA driver version
# Linux
nvidia-smi --query-gpu=driver_version --format=csv
# Windows (PowerShell); Get-CimInstance replaces Get-WmiObject, which is not available in PowerShell 7
Get-CimInstance -ClassName Win32_PnPSignedDriver | Where-Object { $_.DeviceName -like "*NVIDIA*" } | Select-Object DeviceName, DriverVersion
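A sketch of the fleet comparison described under Monitoring Recommendations and Immediate Actions, fed with the version strings the commands above return (an added example, not NVIDIA's tooling). The per-branch minimum versions and the inventory are placeholders to be replaced with values from the NVIDIA advisory, and keying a branch by the release's first number is an assumption.

```python
# Placeholder minimum fixed release per driver branch. These are NOT real
# values: replace them with the fixed versions from the NVIDIA advisory.
FIXED_MIN = {
    "linux": {900: "900.10.05"},
    "windows": {900: "900.42"},
}

# Constructed inventory: (host, platform, version string as reported).
INVENTORY = [
    ("gpu-node-01", "linux", "900.10.02"),
    ("gpu-node-02", "linux", "900.10.05"),
    ("vdi-host-07", "windows", "99.0.19.0041"),
    ("vdi-host-08", "windows", "99.0.19.0042"),
    ("ws-legacy-3", "linux", "899.1"),
]


def normalize(platform, raw):
    """Return the NVIDIA release number as a tuple of ints."""
    raw = raw.strip()
    if platform == "windows" and raw.count(".") == 3:
        # Windows reports a four-field version; the NVIDIA release is its
        # last five digits (31.0.15.5161 -> 551.61). Pad the final field
        # defensively in case leading zeros were dropped.
        third, fourth = raw.split(".")[-2:]
        digits = (third + fourth.zfill(4))[-5:]
        raw = f"{digits[:3]}.{digits[3:]}"
    return tuple(int(part) for part in raw.split("."))


def assess(platform, raw):
    """Classify one host as 'fixed', 'vulnerable' or 'unknown-branch'."""
    version = normalize(platform, raw)
    fixed = FIXED_MIN[platform].get(version[0])
    if fixed is None:
        return "unknown-branch"  # branch not in the table: check the advisory
    return "fixed" if version >= normalize("linux", fixed) else "vulnerable"


def triage(inventory):
    return {host: assess(platform, raw) for host, platform, raw in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```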