Cyber Resilience

CVE-2026-24192

HighUpdated

Published: 26 May 2026

Published
26 May 2026
Modified
11 June 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0023 13.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24192 is a high-severity Incorrect Conversion between Numeric Types (CWE-681) vulnerability in Nvidia Gpu Display Driver. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges,…

more

information disclosure, data tampering, and code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Heap buffer overflow in Linux display driver directly enables local exploitation for privilege escalation and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24193Same product: Nvidia Gpu Display Driver
CVE-2026-24187Same product: Nvidia Gpu Display Driver
CVE-2026-24194Same product: Nvidia Gpu Display Driver
CVE-2026-24190Same product: Nvidia Gpu Display Driver
CVE-2026-24191Same product: Nvidia Gpu Display Driver
CVE-2026-24195Same product: Nvidia Gpu Display Driver
CVE-2026-24196Same product: Nvidia Gpu Display Driver
CVE-2026-24157Same vendor: Nvidia
CVE-2025-33240Same vendor: Nvidia
CVE-2025-33179Same vendor: Nvidia

Affected Assets

nvidia
gpu display driver
535 — 535.309.01 · 535 — 539.72 · 580 — 580.159.03

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References