What is CVE-2026-24199?

CVE-2026-24199 is a medium-severity vulnerability in Nvidia Geforce, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 4.7/10. Published 2026-05-26.

How severe is CVE-2026-24199?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Vulnerability in Nvidia Geforce

CVE-2026-24199

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial…

Vulnerability class: Race Condition

EPSS: 0.000 (2.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Nvidia Geforce — versions All driver versions prior to 595.71.05, All driver versions prior to 580.159.03, All driver versions prior to 535.309.01
Nvidia Gpu_display_driver
Nvidia Guest Driver — versions 580.126.09(All versions prior to and including vGPU 19.4), 535.288.01(All versions prior to and including vGPU 16.13), 595.58.03(All versions up to and including the March 2026 release)
Nvidia Rtx, Quadro, Nvs — versions All driver versions prior to 595.71.05, All driver versions prior to 580.159.03, All driver versions prior to 535.309.01
Nvidia Nvs
Nvidia Quadro
Nvidia Rtx
Nvidia Rtx, Quadro, Nvs — versions All driver versions prior to 595.71.05, All driver versions prior to 580.159.03, All driver versions prior to 535.309.01
Nvidia Tesla — versions All driver versions prior to 595.71.05, All driver versions prior to 580.159.03, All driver versions prior to 535.309.01
Nvidia Virtual Gpu Manager — versions 595.58.02(All versions up to and including the March 2026 release), 580.126.08(All versions prior to and including vGPU 19.4), 535.288.01(All versions prior to and including vGPU 16.13)

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

psirt@nvidia.com (US Government Resource, Third Party Advisory)
psirt@nvidia.com (VDB Entry, Third Party Advisory)
psirt@nvidia.com (Vendor Advisory)

Frequently asked questions

What is CVE-2026-24199?: CVE-2026-24199 is a medium-severity vulnerability in Nvidia Geforce, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 4.7/10. Published 2026-05-26.
How severe is CVE-2026-24199?: Medium severity. CVSS v3 base score is 4.7 out of 10.