NVIDIA Issues Critical Security Update for GPU Drivers: Users Urged to Update Immediately
NVIDIA Issues Critical Security Update for GPU Drivers: Users Urged to Update Immediately
- 60% of MD5 Password Hashes Can Be Cracked in Under an Hour with a Single GPU
- Dirty Frag: Root Access on Every Major Linux Distribution — No Patch, No Warning
- Ubuntu 26.04 LTS (Resolute Raccoon): The Most Ambitious Ubuntu LTS in a Decade
- Proton Mail: Data Transferred to FBI Again!
- How Close Are Quantum Computers to Breaking RSA-2048?
- How to Prevent Ransomware Infection Risks?
- What is the best alternative to Microsoft Office?
NVIDIA Issues Critical Security Update for GPU Drivers: Users Urged to Update Immediately
January 30, 2026 — NVIDIA has released an important security bulletin addressing multiple high-severity vulnerabilities in its GPU display drivers for both Windows and Linux systems.
The vulnerabilities, if exploited, could allow attackers to execute malicious code, escalate privileges, tamper with data, or cause system crashes.
Critical Vulnerabilities Identified
According to NVIDIA’s official security bulletin published in January 2026, the company has identified several critical security flaws affecting GeForce, RTX, Quadro, NVS, and Tesla GPU users across multiple platforms.
Windows Driver Vulnerabilities
The Windows GPU display drivers contain two high-severity vulnerabilities:
-
CVE-2025-33217: A use-after-free vulnerability that could enable attackers to execute code, escalate privileges, tamper with data, cause denial of service, or disclose sensitive information. This flaw has been assigned a CVSS score of 7.8 (High severity).
-
CVE-2025-33218: An integer overflow vulnerability in the kernel mode layer (nvlddmkm.sys) that could lead to similar exploits, also rated at 7.8 severity.
Linux Driver Vulnerabilities
Linux users face similar risks with CVE-2025-33219, an integer overflow or wraparound vulnerability in the NVIDIA kernel module. This flaw carries the same high-severity rating and could result in code execution, privilege escalation, data tampering, denial of service, or information disclosure.
Additional Security Concerns
Beyond the GPU display drivers, NVIDIA has also addressed vulnerabilities in:
-
NVIDIA vGPU Software (CVE-2025-33220): A use-after-free vulnerability in the Virtual GPU Manager that could be exploited by malicious guests in virtualized environments.
-
NVIDIA HD Audio Software (CVE-2025-33237): A NULL pointer dereference issue that could cause denial of service attacks, rated as medium severity with a CVSS score of 5.5.
Affected Products and Versions
Windows Users
GeForce, NVIDIA RTX, Quadro, NVS, and Tesla users running the following driver versions are affected:
- R590 branch: All versions prior to 591.59
- R580 branch: All versions prior to 582.16
- R570 branch: All versions prior to 573.96
- R535 branch: All versions prior to 539.64
Linux Users
Linux users running the following driver versions should update immediately:
- R590 branch: All versions prior to 590.48.01
- R580 branch: All versions prior to 580.126.09
- R570 branch: All versions prior to 570.211.01
- R535 branch: All versions prior to 535.288.01
How to Update
NVIDIA strongly recommends that all affected users update their drivers as soon as possible. Users can download the latest drivers through:
-
NVIDIA Driver Downloads page: Visit nvidia.com/Download to manually download the appropriate driver for your system.
-
NVIDIA App or GeForce Experience: Users with these applications installed should receive automatic update notifications.
-
NVIDIA Licensing Portal: Enterprise customers using vGPU software or Cloud Gaming solutions should access updates through the NVIDIA Licensing Portal.
Hardware Vendor Versions
Some computer hardware manufacturers may provide alternative driver versions (591.55, 581.95, 573.91, and 539.61 for Windows) that also contain these security updates. Users should check with their hardware vendors for system-specific updates.
Expert Recommendations
Security researchers acknowledge NVIDIA’s prompt response to these vulnerabilities. Kentaro Kawane reported the Windows vulnerabilities (CVE-2025-33217 and CVE-2025-33218), while Sam Lovejoy and Valentina Palmiotti identified the Linux flaw (CVE-2025-33219).
NVIDIA emphasizes that while the company is not aware of any active exploits at this time, the nature of these vulnerabilities makes updating a critical priority. The company’s risk assessment indicates that the actual risk may vary depending on individual system configurations, and users are encouraged to consult with IT security professionals to evaluate their specific risk exposure.
Additional Information
For more details about these vulnerabilities and the update process, users can:
- Visit the official NVIDIA Product Security page at nvidia.com/security
- Subscribe to NVIDIA security bulletin notifications
- Contact NVIDIA Support for assistance
Users experiencing issues after updating their drivers should report them through official NVIDIA support channels. As with any driver update, it is recommended to create a system restore point before installation.
This security bulletin was last updated by NVIDIA on January 27, 2026. For the most current information, please refer to NVIDIA’s official security bulletin (ID: 5747) on their support website.
