NVIDIA releases May 2026 security update to fix high severity flaws

NVIDIA has identified security risks in older GPU drivers that could let hackers take control of your system. This update is more important than regular driver updates because it fixes high-severity security holes.
By Newsroom | Technology, Security |

NVIDIA has disclosed a number of high-severity vulnerabilities within its older GPU drivers and vGPU software. These flaws, affecting both Windows and Linux platforms, could allow attackers to achieve remote code execution, escalate privileges, tamper with data, or cause denial of service. The company has released security updates to address these issues, urging users to update their drivers promptly.

The vulnerabilities stem from several weaknesses, including uncontrolled DLL loading, use-after-free errors, race conditions, and uninitialized pointer issues.

The affected driver versions are primarily those preceding the following:

  • Windows Drivers: R580 branch (versions prior to 581.42), R570 branch (versions prior to 573.76), and R535 branch (versions prior to 539.56).

  • Linux Drivers: R580 branch (versions prior to 580.95.05), R570 branch (versions prior to 570.195.03), and R535 branch (versions prior to 535.274.02).

NVIDIA's own security bulletin details these concerns, classifying them as "high severity." Specific CVE identifiers mentioned include CVE-2025-23309, which relates to uncontrolled DLL loading, and CVE-2025-23347 concerning NVIDIA Project G-Assist, allowing privilege escalation. Two Linux driver vulnerabilities, CVE-2025-23280 and CVE-2025-23282, are also cited, involving use-after-free and race conditions respectively, both carrying CVSS scores of 7.0.

Read More: Google I/O 2026: New AI Agents Will Do Tasks For You

Impact and Risks

These vulnerabilities, detailed in advisories like one from Eventus Security, carry significant risk. For instance, CVE-2025-23309 specifically has a CVSS base score of 8.2, indicating a high level of potential impact. Security researchers have pointed out that attackers could leverage these weaknesses to gain unauthorized access and control over systems running the older driver versions.

NVIDIA's Stance

NVIDIA acknowledges these security concerns, stating on their product security page that they "take security concerns seriously and work to quickly evaluate and address them." The company commits resources to analyze, validate, and provide corrective actions for reported issues. The patched versions of the drivers are available for download through NVIDIA's official driver download pages and the NVIDIA Licensing Portal for vGPU and cloud gaming environments. Users with the NVIDIA App or GeForce Experience installed should be prompted to update automatically.

Read More: NVIDIA Drivers Update Needed After Security Flaw Found

Frequently Asked Questions