NVIDIA has released an update for new vulnerabilities affecting GPU drivers on Windows and Linux, especially GeForce graphics cards. The security bulletin covers GeForce, NVIDIA RTX, Quadro, NVS, Tesla, vGPU and Cloud Gaming components. There are risks of denial of service, privilege escalation, information leakage, data modification and code execution on systems that have not upgraded to the current version. High-risk vulnerabilities in NVIDIA drivers have been closed.
NVIDIA’s May 2026 security bulletin included multiple CVE records for the GPU Display Driver. The highest-scoring vulnerability was CVE-2026-24187, which is listed as a use-after-free bug in the Linux driver. The CVSS base score for this vulnerability was given as 8.8 and the risk level was classified as High. In the same bulletin, vulnerabilities such as incorrect access to GPU resources on the Windows and Linux kernel mode layer side, time-of-check time-of-use problem on the Windows side, heap buffer overflow, out-of-bounds write, incorrect permission management, Unified Virtual Memory input validation problem, out-of-bounds read and race condition on the Linux side were also included.
All versions before 596.36 in the R595 version branch for GeForce on the Windows side are among the affected versions. In the R580 branch, updates are required for versions before 582.53. NVIDIA’s table also states that for the R580 branch, only GPUs with Maxwell, Volta and Pascal architectures are affected. Separate updated version numbers were shared for the R595, R580 and R535 branches for NVIDIA RTX, Quadro, NVS and Tesla products.
On the Linux side, for GeForce, versions before 595.71.05 in the R595 branch, before 580.159.03 in the R580 branch and before 535.309.01 in the R535 branch are among the affected versions. The same release thresholds apply to NVIDIA RTX, Quadro, NVS and Tesla products. NVIDIA stated that systems using older software branches may also be affected, and users of old branches whose current version is not listed should switch to the newest version.
NVIDIA noted that on the Windows side, versions 595.95, 592.13, 582.42 and 539.69 offered by some computer manufacturers also include security updates. This detail is especially important for ready-made systems, laptops or devices that use manufacturer-specific drivers. Users can install the update via the NVIDIA Driver Downloads page or via the NVIDIA App. The security update does not only cover the latest generation gaming graphics cards.
According to the information provided by TweakTown, the update call applies to older GeForce GTX hardware as well as GeForce RTX users. For security fixes on old GPUs based on Maxwell, Volta and Pascal, it is necessary to upgrade to version 582.53 or newer. Separate vulnerabilities were also included in the bulletin for vGPU software. CVE-2026-24200 was announced as a use-after-free for stack memory issue in the Virtual GPU Manager component in the vGPU software and listed the risks of denial of service, privilege escalation, information leakage, data modification and code execution in a successful exploit.
On the vGPU side, current version numbers for Windows guest driver, Linux guest driver, Virtual GPU Manager and different virtualization platforms were shared separately. On the Cloud Gaming side, versions dated March 2026 and earlier were among the affected versions. According to NVIDIA’s table, the April 2026 versions for Cloud Gaming Software Driver and Virtual GPU Manager include the security update. This scope also highlights the update process for GeForce NOW partners and service providers using NVIDIA GPU software in cloud gaming infrastructure.
NVIDIA’s security bulletin was first published on May 19, 2026. On May 20, corrections were made to the GeForce and Linux table, replacing R590 with R595 and updating some version numbers. On May 21, current version errors in the vGPU software, Windows driver version errors, and vector and score information for CVE-2026-24194 were corrected. GeForce Game Ready Driver 596.36 is listed as one of the versions containing the security fix.
The newer 596.49 WHQL Game Ready driver was released on May 12, 2026, and comes with Game Ready support for Forza Horizon 6, Directive 8020, and Subnautica 2. NVIDIA recommends upgrading to the latest version.
Comments
You can write your views about this story. Comments may be moderated according to site settings.