CVE-2026-24197 Overview
CVE-2026-24197 affects the NVIDIA Display Driver for Linux. The vulnerability resides in the Multi-Instance GPU (MIG) partition management code. Insecure default initialization of memory subsystem routing resources can cause data corruption or a hang when partitions are reconfigured. A local authenticated attacker with low privileges can trigger the condition and induce a denial of service against the GPU subsystem.
The issue maps to CWE-1188: Insecure Default Initialization of Resource. Because the scope is changed during exploitation, impact extends beyond the attacker's own context to other tenants sharing the GPU.
Critical Impact
A local low-privileged user can corrupt GPU memory routing state or hang the device during MIG reconfiguration, disrupting workloads running on shared partitions.
Affected Products
- NVIDIA Display Driver for Linux (MIG-capable GPUs)
- Systems using Multi-Instance GPU partitioning (e.g., A100, H100 class data center GPUs)
- Refer to the NVIDIA Support Response for the full list of affected branches
Discovery Timeline
- 2026-05-26 - CVE-2026-24197 published to NVD
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2026-24197
Vulnerability Analysis
The NVIDIA Display Driver for Linux supports Multi-Instance GPU (MIG), which partitions a single physical GPU into isolated GPU instances. Each instance receives dedicated compute, memory, and memory subsystem routing resources. The driver is responsible for initializing these routing resources whenever a partition is created, destroyed, or reconfigured.
In the affected driver versions, the MIG partition management path uses an insecure default state for memory subsystem routing resources. When a local user with permission to interact with the GPU triggers partition reconfiguration, the driver consumes this default state without properly reinitializing it. The resulting routing configuration is inconsistent with the new partition topology.
This inconsistency can corrupt in-flight memory transactions or place the memory subsystem into a state that blocks further progress, hanging the GPU. The Scope:Changed CVSS metric reflects that the failure crosses the MIG isolation boundary, affecting workloads in other partitions on the same device.
Root Cause
The root cause is improper default initialization of memory subsystem routing resources during MIG partition reconfiguration [CWE-1188]. The driver assumes a safe initial state for routing structures that is not enforced before the reconfiguration sequence executes. Reconfiguration operations therefore inherit stale or unsafe defaults.
Attack Vector
Exploitation requires local access with low privileges on a system running the vulnerable Linux driver on a MIG-capable GPU. The attacker invokes MIG management operations through the NVIDIA driver interface, typically via tooling such as nvidia-smi mig or the NVML API, and requests partition reconfiguration. No user interaction is required. The result is data corruption or a GPU hang affecting all tenants on the device.
No public proof-of-concept exploit is available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. Verified exploitation code is not published, so technical specifics beyond the vendor advisory are not detailed here. See the NVIDIA Support Response for vendor guidance.
Detection Methods for CVE-2026-24197
Indicators of Compromise
- GPU hangs or unresponsive CUDA contexts coinciding with MIG reconfiguration events
- Kernel log entries from the nvidia module reporting Xid errors, MIG state transitions, or memory subsystem faults
- Unexpected nvidia-smi mig -cgi, -dgi, or -cci invocations from non-administrative users
- Workload failures across multiple MIG instances on the same physical GPU within a short window
Detection Strategies
- Audit auditd or eBPF telemetry for invocations of nvidia-smi mig and NVML partition management calls by non-privileged accounts
- Correlate dmesg output for NVRM, Xid, and MIG reconfiguration messages with workload failures
- Alert on driver-reported memory subsystem errors observed through DCGM (Data Center GPU Manager) metrics
Monitoring Recommendations
- Stream GPU telemetry from DCGM and nvidia-smi into a centralized data lake for cross-host correlation
- Track MIG configuration changes as a high-value event class, with alerts on changes outside scheduled maintenance windows
- Monitor for repeated GPU resets or driver reloads, which indicate hang recovery activity
How to Mitigate CVE-2026-24197
Immediate Actions Required
- Apply the fixed NVIDIA Linux display driver version listed in the NVIDIA Support Response
- Restrict access to MIG management operations to administrators only on multi-tenant GPU hosts
- Inventory MIG-capable GPUs and verify driver versions across Kubernetes GPU nodes and bare-metal systems
Patch Information
NVIDIA has published fixed driver versions through its security bulletin. Consult the NVIDIA Support Response and the CVE.org Record for CVE-2026-24197 for the specific branch versions that address the issue. Update both the host driver and any container runtime images that ship NVIDIA user-mode components.
Workarounds
- Disable MIG mode where partitioning is not required, using nvidia-smi -mig 0
- Limit MIG reconfiguration to scheduled maintenance windows performed by administrators
- Use Linux Discretionary Access Control and cgroup device controls to prevent untrusted users from issuing MIG management commands
# Verify installed NVIDIA driver version
nvidia-smi --query-gpu=driver_version --format=csv,noheader
# List MIG-capable devices and current MIG mode
nvidia-smi -L
nvidia-smi --query-gpu=mig.mode.current --format=csv
# Disable MIG mode on GPU 0 as a temporary mitigation
sudo nvidia-smi -i 0 -mig 0
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
