Nvidia tells users to update GPU drivers now or face possible attack - here's what we know

NVIDIA releases new GPU driver updates for Windows and Linux
Fixes 14 vulnerabilities in GeForce, RTX, Quadro, Tesla, NVS, vGPU, and Cloud Gaming software.
The most serious flaw, CVE-2026-24187, is a use-after-free bug rated 8.8/10 that allows code execution, privilege escalation, data theft, or system crashes.

Nvidia has released a new patch for its GPU display drivers, fixing 14 vulnerabilities on both Windows and Linux.

Most of the flaws are labeled as “high severity”, which is why Nvidia urged its users to apply the fixes without delay.

In a recently released security advisory, Nvidia said it fixed bugs in its GeForce, RTX, Quadro, Tesla, and NVS product lines, as well as its vGPU and Cloud Gaming software.

How to patch

The biggest vulnerability to address is a “use-after-free” memory flaw, now identified as CVE-2026-24187. With a severity of 8.8/10 (High), this bug allows threat actors to execute arbitrary code, steal data, escalate privileges, and even crash entire systems.

Several other high severity vulnerabilities allow malicious actors to do similar things, from code execution to privilege escalation and from data manipulation to information disclosure.

One affects both Windows and Linux systems through improper access to GPU resources at the kernel layer, while another specifically targets Windows through a synchronization flaw that could be exploited to manipulate system operations.

Among the bugs fixed are two in Nvidia’s unified virtual memory subsystem in Linux, which could lead to denial of service attacks without the need for elevated permissions. Nvidia’s vGPU software, used in virtualized and cloud environments, also received patches for two vulnerabilities in the virtual GPU manager component.

Users can now download updated drivers through the Nvidia Driver Downloads page or the Nvidia Licensing Portal, depending on the products they are running. Windows users should look for driver version 569.49 and newer, while those running Linux should look for version 590.48.01.

In addition to making sure the software is patched, users should also keep Windows Defender (or other antivirus programs) running at all times.

The company credited several third-party security researchers for responsibly reporting the flaws, including researchers from Seoul National University and the Binarly research team.