SB2026062230 - Multiple vulnerabilities in NVIDIA DALI



SB2026062230 - Multiple vulnerabilities in NVIDIA DALI

Published: June 22, 2026

Security Bulletin ID SB2026062230
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2026-24180)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Improper Validation of Array Index (CVE-ID: CVE-2026-24181)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to improper array index validation. A local user can execute arbitrary code on the target system.


Remediation

Install update from vendor's website.