Detections
Analytics

Amazon Linux 2023 : nvidia-libXNVCtrl, nvidia-libXNVCtrl-devel, nvidia-settings (ALAS2023NVIDIA-2026-286)

high Nessus Plugin ID 319857

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-286 advisory.

 NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service. (CVE-2025-33221)

 NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service. (CVE-2026-24182)

 NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. (CVE-2026-24187)

 NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. (CVE-2026-24190)

 NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. (CVE-2026-24192)

 NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
 (CVE-2026-24194)

 NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service. (CVE-2026-24195)

 NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
 (CVE-2026-24196)

 NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service. (CVE-2026-24197)

 NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure. (CVE-2026-24198)

 NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service. (CVE-2026-24199)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nvidia-settings --releasever latest' or or 'dnf update --advisory ALAS2023NVIDIA-2026-286 --releasever latest' to update your system.

See Also

https://alas.aws.amazon.com//AL2023/ALAS2023NVIDIA-2026-286.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2025-33221.html

https://explore.alas.aws.amazon.com/CVE-2026-24182.html

https://explore.alas.aws.amazon.com/CVE-2026-24187.html

https://explore.alas.aws.amazon.com/CVE-2026-24190.html

https://explore.alas.aws.amazon.com/CVE-2026-24192.html

https://explore.alas.aws.amazon.com/CVE-2026-24194.html

https://explore.alas.aws.amazon.com/CVE-2026-24195.html

https://explore.alas.aws.amazon.com/CVE-2026-24196.html

https://explore.alas.aws.amazon.com/CVE-2026-24197.html

https://explore.alas.aws.amazon.com/CVE-2026-24198.html

https://explore.alas.aws.amazon.com/CVE-2026-24199.html

Plugin Details

Severity: High

ID: 319857

File Name: al2023_ALAS2023NVIDIA-2026-286.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/8/2026

Updated: 6/8/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-24194

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-24187

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:nvidia-libxnvctrl, p-cpe:/a:amazon:linux:nvidia-libxnvctrl-devel, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:nvidia-settings

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/8/2026

Vulnerability Publication Date: 5/21/2026

Reference Information

CVE: CVE-2025-33221, CVE-2026-24182, CVE-2026-24187, CVE-2026-24190, CVE-2026-24192, CVE-2026-24194, CVE-2026-24195, CVE-2026-24196, CVE-2026-24197, CVE-2026-24198, CVE-2026-24199

IAVA: 2026-A-0493