NVIDIA has released critical security updates for its GPU Display Drivers after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code and escalate privileges on affected systems.
The security bulletin, published on January 27, 2026, addresses five distinct vulnerabilities affecting Windows, Linux, and virtualization platforms, with CVSS scores reaching 7.8.
Use-After-Free and Integer Overflow Flaws Enable Code Execution
The most significant vulnerabilities involve memory safety issues in NVIDIA’s driver software across multiple platforms.
| CVE ID | Description | CVSS Score | Severity |
| --- | --- | --- | --- |
| CVE-2025-33217 | Use-after-free in Windows Display Driver enabling code execution and privilege escalation | 7.8 | High |
| CVE-2025-33218 | Integer overflow in Windows kernel mode layer (nvlddmkm.sys) leading to code execution | 7.8 | High |
| CVE-2025-33219 | Integer overflow in Linux kernel module causing potential code execution | 7.8 | High |
| CVE-2025-33220 | Use-after-free in vGPU Virtual GPU Manager allowing heap memory access after free | 7.8 | High |
| CVE-2025-33237 | NULL pointer dereference in HD Audio Driver causing denial of service | 5.5 | Medium |
CVE-2025-33217 affects the Windows Display Driver and stems from a use-after-free condition that attackers can exploit to achieve code execution, privilege escalation, data tampering, denial of service, and information disclosure.
Two additional flaws, CVE-2025-33218 and CVE-2025-33219, involve integer overflow vulnerabilities in the Windows kernel mode layer (nvlddmkm.sys) and Linux kernel module respectively, presenting identical attack vectors and impacts.
The vulnerabilities require local access with low privileges to exploit, but a successful attack has a high impact on the confidentiality, integrity, and availability of affected systems.
All three flaws carry identical CVSS v3.1 base scores of 7.8 and are classified as high severity.
The NVIDIA vGPU software also contains a similar use-after-free vulnerability (CVE-2025-33220) in the Virtual GPU Manager, where malicious guests could trigger heap memory access after memory deallocation.
NVIDIA has released updated drivers across four major branches (R590, R580, R570, and R535) for GeForce, NVIDIA RTX, Quadro, NVS, and Tesla products.
Windows users should upgrade to driver versions 591.59, 582.16, 573.76, or 539.64 depending on their branch.
Linux users need to install versions 590.48.01, 580.126.09, 570.211.01, or 535.288.01.
Additionally, a medium-severity vulnerability (CVE-2025-33237) in the NVIDIA HD Audio Driver could cause denial of service through a NULL pointer dereference.
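To check a Linux fleet against the fixed versions listed above, the following added example (not from NVIDIA's bulletin or this article's author) classifies reported driver versions. It assumes a Linux driver's branch is given by the first component of its version string, and the host names and inventory are constructed sample data.

```python
import re

# Fixed Linux driver versions per branch, as listed in the article.
FIXED_LINUX = {
    590: (590, 48, 1),
    580: (580, 126, 9),
    570: (570, 211, 1),
    535: (535, 288, 1),
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){1,2}$")


def parse_version(text):
    """Turn '580.126.09' into (580, 126, 9); pad two-part versions with 0."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a driver version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def classify(version_text):
    """Return 'patched', 'needs-update', 'unlisted-branch' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    # Assumption: the leading component identifies the Linux driver branch.
    fixed = FIXED_LINUX.get(version[0])
    if fixed is None:
        # Branch not named in the article; check it against the bulletin by hand.
        return "unlisted-branch"
    # Compare numerically: as strings, '95' would wrongly sort above '126'.
    return "patched" if version >= fixed else "needs-update"


def audit(inventory):
    """Map each host to the status of its reported driver version."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory, e.g. gathered per host with
# `nvidia-smi --query-gpu=driver_version --format=csv,noheader`.
SAMPLE_INVENTORY = {
    "gpu-node-01": "580.95.05",
    "gpu-node-02": "580.126.09",
    "gpu-node-03": "535.288.01",
    "gpu-node-04": "550.54.14",
    "gpu-node-05": "N/A",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Hosts reported as `unlisted-branch` or `unparseable` need a manual look rather than being counted as patched.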
