• Home
  • cyber
  • NVIDIA: NVIDIA GPU Display Driver Vulnerability Enables Code Execution and Privilege Escalation
cyber Vulnerability

NVIDIA: NVIDIA GPU Display Driver Vulnerability Enables Code Execution and Privilege Escalation

Jan 27, 2026 2 min read
NVIDIA: NVIDIA GPU Display Driver Vulnerability Enables Code Execution and Privilege Escalation

NVIDIA Patches Critical GPU Driver Vulnerabilities in High-Severity Update

On January 27, 2026, NVIDIA released security updates addressing five high-severity vulnerabilities in its GPU Display Driver, vGPU platform, and HD Audio drivers, impacting millions of systems globally. The flaws, tracked under CVEs 2025-33217, -33218, -33219, -33220, and -33237, enable local privilege escalation, arbitrary code execution, and denial-of-service (DoS) attacks, with the most severe carrying a CVSS score of 7.8.

The vulnerabilities stem from use-after-free and integer overflow conditions in kernel-mode components, allowing authenticated attackers to execute malicious code, gain system-level privileges, or disrupt operations without user interaction. CVE-2025-33220 poses a particularly high risk for enterprises, as it affects the vGPU Manager, enabling guest VMs to escape hypervisors and compromise host systems in cloud and data center environments.

Affected products include GeForce, RTX, Quadro, NVS, and Tesla drivers across Windows and Linux, as well as vGPU software on XenServer, VMware vSphere, and Red Hat KVM. NVIDIA’s patches span multiple driver branches:

  • Windows: R590 (591.59), R580 (582.16), R570 (573.96), R535 (539.64)
  • Linux: R590 (590.48.01), R580 (580.126.09), R570 (570.211.01), R535 (535.288.01)
  • vGPU: 580.129.08 (XenServer), 570.211.01 (VMware), 535.288.01 (RHEL KVM)

CVE-2025-33237, a medium-severity NULL pointer dereference in HD Audio drivers (CVSS 5.5), could also trigger DoS conditions.

Exploitation requires only low-level local access, making these flaws attractive for lateral movement in compromised networks. NVIDIA credits researchers Kentaro Kawane, Sam Lovejoy, Valentina Palmiotti, and Thomas Keefer for responsible disclosure. Organizations are urged to prioritize updates, as unpatched systems remain exposed to kernel exploitation techniques commonly used in advanced persistent threat (APT) campaigns.

Source: https://cyberpress.org/nvidia-gpu-display-driver-vulnerability/

NVIDIA cybersecurity rating report: https://www.rankiteo.com/company/nvidia

"id": "NVI1769776911",
"linkid": "nvidia",
"type": "Vulnerability",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Millions of systems globally',
                        'industry': 'Technology/Semiconductors',
                        'location': 'Global',
                        'name': 'NVIDIA',
                        'type': 'Corporation'}],
 'attack_vector': 'Local Access',
 'date_publicly_disclosed': '2026-01-27',
 'date_resolved': '2026-01-27',
 'description': 'On January 27, 2026, NVIDIA released security updates '
                'addressing five high-severity vulnerabilities in its GPU '
                'Display Driver, vGPU platform, and HD Audio drivers, '
                'impacting millions of systems globally. The flaws enable '
                'local privilege escalation, arbitrary code execution, and '
                'denial-of-service (DoS) attacks, with the most severe '
                'carrying a CVSS score of 7.8. The vulnerabilities stem from '
                'use-after-free and integer overflow conditions in kernel-mode '
                'components, allowing authenticated attackers to execute '
                'malicious code, gain system-level privileges, or disrupt '
                'operations without user interaction. CVE-2025-33220 poses a '
                'particularly high risk for enterprises, as it affects the '
                'vGPU Manager, enabling guest VMs to escape hypervisors and '
                'compromise host systems in cloud and data center '
                'environments.',
 'impact': {'operational_impact': 'Disruption of operations, potential '
                                  'hypervisor escape in cloud/data center '
                                  'environments',
            'systems_affected': 'Millions of systems globally'},
 'post_incident_analysis': {'corrective_actions': 'Patches released for '
                                                  'affected drivers and '
                                                  'platforms',
                            'root_causes': ['Use-After-Free',
                                            'Integer Overflow',
                                            'NULL Pointer Dereference']},
 'recommendations': 'Organizations are urged to prioritize updates to mitigate '
                    'exposure to kernel exploitation techniques commonly used '
                    'in advanced persistent threat (APT) campaigns.',
 'references': [{'source': 'NVIDIA Security Bulletin'}],
 'response': {'containment_measures': 'Security updates released',
              'remediation_measures': 'Patches for GPU Display Driver, vGPU '
                                      'platform, and HD Audio drivers'},
 'title': 'NVIDIA Patches Critical GPU Driver Vulnerabilities in High-Severity '
          'Update',
 'type': ['Privilege Escalation',
          'Arbitrary Code Execution',
          'Denial-of-Service (DoS)'],
 'vulnerability_exploited': ['Use-After-Free',
                             'Integer Overflow',
                             'NULL Pointer Dereference']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.