CVE-2026-24201 Overview
CVE-2026-24201 affects NVIDIA vGPU software, where the virtual GPU manager contains an out-of-bounds write vulnerability [CWE-787]. An authenticated local attacker with low privileges can trigger out-of-bounds memory access through the virtual GPU manager component. Successful exploitation can lead to data tampering, denial of service, or information disclosure within the affected virtualization environment.
The vulnerability carries a CVSS 3.1 base score of 5.8 (MEDIUM) and requires local access with high attack complexity. NVIDIA has published an advisory addressing this flaw through its customer support portal.
Critical Impact
Out-of-bounds access in the NVIDIA virtual GPU manager can result in guest-to-host data tampering, host denial of service, or leakage of sensitive memory contents from co-tenant virtual machines.
Affected Products
- NVIDIA vGPU software (virtual GPU manager component)
- Refer to the NVIDIA Support Answer for the complete list of impacted versions and platforms
Discovery Timeline
- 2026-05-26 - CVE-2026-24201 published to NVD
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2026-24201
Vulnerability Analysis
The flaw resides in the NVIDIA virtual GPU manager, the host-side component responsible for mediating access between guest virtual machines and physical GPU resources. An out-of-bounds write condition [CWE-787] allows a local actor with low privileges to write data outside the bounds of an allocated buffer. According to NVIDIA, successful exploitation can yield three distinct outcomes: data tampering, denial of service, and information disclosure.
The attack requires local access to a system running the affected vGPU manager, typically meaning the attacker controls a guest VM or has shell access to the hypervisor host. High attack complexity indicates that exploitation depends on conditions outside the attacker's direct control, such as memory layout, timing, or specific GPU workload states.
Root Cause
The root cause is improper validation of input parameters or buffer boundaries within the virtual GPU manager's memory handling routines. When the manager processes requests from guest VMs, insufficient bounds checking allows data to be written past the end of an intended buffer. This corrupts adjacent memory structures that govern GPU resource allocation, scheduling, or inter-VM isolation.
Attack Vector
An attacker operating with low privileges on a system using NVIDIA vGPU must craft specific requests that traverse the guest-to-hypervisor boundary through the virtual GPU manager. Because the scope is unchanged, exploitation impacts only the vulnerable component itself rather than crossing into a broader security authority. Availability impact is high, while confidentiality and integrity impacts are limited.
No public proof-of-concept exploit is available for CVE-2026-24201, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS probability is 0.012%, reflecting low predicted exploitation activity. Technical specifics are documented in the NVIDIA Support Answer.
Detection Methods for CVE-2026-24201
Indicators of Compromise
- Unexpected crashes or restarts of the NVIDIA vGPU manager service on the hypervisor host
- Guest VM GPU sessions terminating abnormally without administrator-initiated action
- Hypervisor kernel logs containing GPU driver fault entries, segmentation violations, or memory protection errors tied to the vGPU manager process
- Anomalous GPU memory allocation patterns from a single guest VM preceding host instability
Detection Strategies
- Monitor hypervisor system logs for repeated faults or panics originating in NVIDIA vGPU manager modules
- Correlate guest VM GPU API call volumes against baseline behavior to identify abusive request patterns
- Inventory all hosts running NVIDIA vGPU software and verify they are running patched versions per the vendor advisory
- Review guest VM activity timelines for low-privilege users issuing unusual GPU control operations before host events
Monitoring Recommendations
- Enable verbose logging on the NVIDIA vGPU manager and forward events to a centralized SIEM for correlation
- Alert on hypervisor kernel messages referencing GPU driver crashes, NULL dereferences, or out-of-bounds access
- Track GPU resource allocation metrics per guest VM and flag deviations from established baselines
- Audit privileged operations against the vGPU manager on a recurring schedule
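The repeated-fault monitoring described in the detection and monitoring lists above can be sketched as follows. This is an added example, not NVIDIA or vendor code. The window, the threshold, the keyword list and the sample log lines are assumptions constructed for illustration; input is expected in `journalctl -o short-unix` format.

```shell
#!/bin/sh
# Added example (not vendor code): alert on repeated vGPU manager faults per host.
# Input format: `journalctl -o short-unix` lines -> "<epoch> <host> <source>: <msg>"
WINDOW_SECS=600   # assumption: correlation window in seconds
THRESHOLD=3       # assumption: faults inside the window that raise an alert

# Reads log lines on stdin; prints one line per host that crosses the threshold.
vgpu_fault_alerts() {
  awk -v win="$WINDOW_SECS" -v thr="$THRESHOLD" '
    {
      line = tolower($0)
      # Keep only lines tied to the vGPU manager process or module ...
      if (line !~ /nvidia-vgpu-mgr|nvidia_vgpu/) next
      # ... that also carry a fault keyword (bare "fault" would match "default").
      if (line !~ /segfault|oops|panic|null pointer|out-of-bounds|protection fault|page fault/) next
      host = $2; t = $1 + 0
      n[host]++; ts[host, n[host]] = t; raw[host, n[host]] = $1
      if (!(host in lo)) lo[host] = 1
      # Slide the window start forward past faults older than win seconds.
      while (t - ts[host, lo[host]] > win) lo[host]++
      cnt = n[host] - lo[host] + 1
      # Alert once per host, the first time the threshold is reached.
      if (cnt >= thr && !(host in alerted)) {
        alerted[host] = 1
        printf "%s faults=%d window_start=%s\n", host, cnt, raw[host, lo[host]]
      }
    }'
}

# Constructed sample input (simplified, not captured from a real host).
sample_log() {
  cat <<'EOF'
1779800000.000000 hv01 nvidia-vgpu-mgr[4121]: notice: vGPU started for guest-a
1779800050.000000 hv01 kernel: nvidia-vgpu-mgr[4121]: segfault at 10 error 6
1779800090.000000 hv01 kernel: cron[977]: segfault at 0 error 4
1779800200.000000 hv01 kernel: nvidia-vgpu-mgr[4388]: segfault at 10 error 6
1779800400.000000 hv01 kernel: BUG: unable to handle page fault in nvidia_vgpu_vfio
1779800500.000000 hv02 kernel: nvidia-vgpu-mgr[2210]: segfault at 18 error 6
1779807700.000000 hv02 kernel: nvidia-vgpu-mgr[2295]: segfault at 18 error 6
1779814900.000000 hv02 kernel: nvidia-vgpu-mgr[2301]: segfault at 18 error 6
EOF
}

# hv01 has three vGPU faults within 10 minutes; hv02 has three spread over hours.
sample_log | vgpu_fault_alerts
```

Only hv01 is reported: the unrelated cron segfault is ignored, and the hv02 faults never fall inside one window.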
How to Mitigate CVE-2026-24201
Immediate Actions Required
- Apply the NVIDIA security update referenced in NVIDIA Support Answer ID 5821 to all affected hypervisor hosts
- Inventory every system running NVIDIA vGPU software and confirm version status against the vendor advisory
- Restrict local and guest VM access to trusted users until patching is complete
- Snapshot affected hypervisor hosts before patching to enable rollback if needed
Patch Information
NVIDIA has published fixed versions through its customer support portal. Administrators should consult the NVIDIA Support Answer for the precise version matrix corresponding to their deployed vGPU branch. The official records are the CVE.org record and the NVD details page for CVE-2026-24201.
Workarounds
- Limit guest VM provisioning to vetted tenants while patches are being staged
- Reduce the number of GPU-passthrough guests per host to constrain blast radius if a denial of service occurs
- Increase logging verbosity on the vGPU manager to accelerate identification of exploitation attempts
- Where vGPU functionality is non-essential, temporarily disable the virtual GPU manager service until patches are applied
# Configuration example: verify installed NVIDIA vGPU manager version on a Linux hypervisor
nvidia-smi -q | grep -i "Driver Version"
rpm -qa | grep -i nvidia-vgpu-manager # RHEL/CentOS
dpkg -l | grep -i nvidia-vgpu-manager # Debian/Ubuntu
# Review recent vGPU manager faults
journalctl -u nvidia-vgpu-mgr --since "7 days ago" | grep -Ei "fault|oops|segfault|out-of-bounds"