HIGH Patch AvailableCVE-2026-11221

NVIDIA GPU Driver Out-of-Bounds Write Allowing Privilege Escalation in Multi-Tenant Environments

Discovered 18 February 2026 9 views

Overview

NVIDIA released a security bulletin for a high-severity vulnerability in their Linux GPU display driver affecting multiple driver branches. The vulnerability, identified as CVE-2026-11221, is an out-of-bounds write in the kernel mode driver's memory management module when processing malformed shader inputs. An unprivileged local user, such as a process within a Docker container that has access to the GPU device, can exploit this flaw. By crafting a specialized CUDA or Vulkan application, an attacker can trigger the out-of-bounds write, leading to a kernel panic and a complete denial of service (DoS) for the host machine. This is particularly dangerous in multi-tenant GPU-accelerated Kubernetes clusters, where a single malicious pod could crash the underlying node, disrupting all other tenants' workloads. Furthermore, NVIDIA noted that with sophisticated exploitation techniques, this vulnerability could potentially be leveraged to achieve arbitrary code execution in the kernel, leading to full privilege escalation from a container to the host node. This would allow an attacker to escape container isolation and gain complete control over the host and all other containers running on it. The vulnerability underscores the critical importance of keeping GPU drivers updated in virtualized and containerized environments where they form a key part of the attack surface.

Affected Systems

NVIDIA Linux GPU Driver R550 < 550.78NVIDIA Linux GPU Driver R535 < 535.171.04Kubernetes clusters with GPU nodes

Testing Guide

1. Identify the NVIDIA driver version on your Linux hosts by running `nvidia-smi`. 2. Compare the reported version number with the patched versions listed in the NVIDIA security bulletin for CVE-2026-11221. 3. If your driver version is older than the patched version for its respective branch (e.g., you are on 550.67 and the patch is 550.78), your system is vulnerable.

Mitigation Steps

1. **Update NVIDIA Drivers:** Immediately update all affected Linux systems to the patched driver versions specified in the NVIDIA security bulletin (e.g., 550.78 or 535.171.04 or newer). 2. **Restrict GPU Access:** In multi-tenant environments, use security mechanisms like SELinux or AppArmor to restrict container access to GPU device nodes and driver APIs as much as possible. 3. **Use GVisor or Kata Containers:** For workloads requiring strong isolation, run GPU-accelerated containers using sandboxing technologies like gVisor, which can intercept and validate driver calls, reducing the kernel's attack surface. 4. **Monitor for Malicious Activity:** Implement monitoring on GPU nodes to detect anomalous GPU usage patterns or unexpected kernel crashes that could indicate an exploitation attempt.

Patch Details

Patched in NVIDIA driver versions 550.78, 535.171.04, and subsequent releases.

Sources

https://nvidia.custhelp.com/app/answers/detail/a_id/5525

← Back to vulnerabilities