NVIDIA Display Driver for Linux Heap Buffer Overflow Vulnerability Allowing Privilege Escalation and Code Execution

Vulnerability

A heap buffer overflow vulnerability has been identified in the NVIDIA Display Driver for Linux. The flaw stems from an incorrect conversion between numeric types. Successful exploitation could lead to denial of service, privilege escalation, information disclosure, data tampering, and arbitrary code execution.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to memory corruption. This type of vulnerability often allows arbitrary code execution, because an attacker who can manipulate the program's memory may be able to run malicious code. It could also be exploited to escalate privileges, access sensitive information, or cause a denial-of-service condition by crashing the system or application.

Remediation

Users can upgrade to NVIDIA Display Driver versions 595.71.05, 580.159.03, or 535.309.01 to address this vulnerability. For those using Virtual GPU Manager, versions 595.58.02 (up to and including the March 2026 release), 580.126.08 (prior to and including vGPU 19.4), or 535.288.01 (prior to and including vGPU 16.13) are recommended.
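
The version check implied by the remediation guidance above, as an added example that is not NVIDIA's or this page's own tooling: it takes a driver version in the format of /proc/driver/nvidia/version and compares it with the fixed Display Driver release for its branch. Matching by major branch number, the function names and the status strings are assumptions of the example; the sample line is constructed, and Virtual GPU Manager versions are not covered.

```shell
#!/bin/sh
# Fixed Display Driver versions from the Remediation text above. Matching a
# driver to one of them by its major branch number is an assumption.
fixed_for_branch() {
    case $1 in
        595) echo 595.71.05 ;;
        580) echo 580.159.03 ;;
        535) echo 535.309.01 ;;
        *)   return 1 ;;
    esac
}

# Succeeds when dotted version $1 >= $2, comparing each field as an integer
# (a string compare would wrongly rank 535.99 above 535.309).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
    done
    return 0
}

# Print the first all-numeric dotted word of an "NVRM version:" line.
parse_nvrm_version() {
    for w in $1; do
        case $w in
            *[!0-9.]*|.*|*.) ;;
            *.*) echo "$w"; return 0 ;;
        esac
    done
    return 1
}

# Print: patched | upgrade-to-<fixed> | unlisted-branch | invalid
driver_status() {
    case $1 in ''|*[!0-9.]*) echo invalid; return 0 ;; esac
    if ! fixed=$(fixed_for_branch "${1%%.*}"); then echo unlisted-branch; return 0; fi
    if version_ge "$1" "$fixed"; then echo patched; else echo "upgrade-to-$fixed"; fi
}

# Constructed sample line; the real file is used instead when it is readable.
line='NVRM version: NVIDIA UNIX x86_64 Kernel Module  535.183.01  Tue Jan  6 00:00:00 UTC 2026'
if [ -r /proc/driver/nvidia/version ]; then line=$(grep '^NVRM' /proc/driver/nvidia/version); fi
ver=$(parse_nvrm_version "$line")
echo "driver ${ver:-unknown}: $(driver_status "$ver")"
```

A result of unlisted-branch means only that the advisory names no fixed version for that branch, not that the driver is unaffected.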

Added: May 26, 2026, 10:48 PM
Updated: May 26, 2026, 10:48 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.