NVIDIA Security Update 582.28 WHQL for Legacy Maxwell Pascal Volta GPUs

NVIDIA has quietly pushed a targeted security driver—GeForce Security Update 582.28 WHQL—for legacy Maxwell, Pascal, and Volta GPUs, and if you still run a GTX 10-series, 900-series, 700-series, or a Titan Pascal card you should install it as soon as practical. Released on January 28, 2026, the update closes five documented vulnerabilities spanning Windows display drivers, Linux kernel modules, vGPU software, and the NVIDIA HD Audio stack. This is not a feature or performance release: it is a focused security patch intended to reduce attack surface on older hardware that will no longer receive Game Ready optimizations.

Background​

NVIDIA ended Game Ready driver support for Maxwell, Pascal, and Volta desktop GPUs in late 2025, but pledged to deliver quarterly security-only updates for those architectures through October 2028. That policy shift means cards like the GeForce GTX 1080, GTX 1060, GTX 980, GTX 750 Ti and Pascal-based TITAN models will not receive game optimizations or new features going forward—but they will receive intermittent security fixes when serious issues are discovered.
582.28 WHQL is the first of these legacy security-focused updates published after the Game Ready support cutoff. Unlike the Game Ready model, the release deliberately omits new performance-related fixes and instead remediates vulnerabilities that could be exploited remotely or locally to compromise a system.

---

What NVIDIA fixed in 582.28 (the essentials)​

NVIDIA’s security bulletin and the driver manifest make clear that 582.28 addresses five CVE-tracked vulnerabilities affecting display drivers and related components. These are the functional details you need to know:

• CVE-2025-33217 — Windows display driver: use-after-free vulnerability. A privileged or local attacker could trigger memory reuse leading to arbitrary code execution, privilege escalation, data tampering, denial of service, or information disclosure.
• CVE-2025-33218 — Windows kernel-mode layer (nvlddmkm.sys): integer overflow. Exploitation could lead to code execution, privilege escalation, or other serious impacts.
• CVE-2025-33219 — Linux NVIDIA kernel module: integer overflow or wraparound. On Linux hosts this could yield code execution or elevation of privilege, among other impacts.
• CVE-2025-33220 — NVIDIA vGPU Virtual GPU Manager: heap access-after-free triggered by a guest. A malicious VM guest could exploit this to affect the host or other guests—particularly important in virtualized environments using NVIDIA vGPU.
• CVE-2025-33237 — NVIDIA HD Audio driver on Windows: NULL pointer dereference resulting in potential denial-of-service conditions.

Collectively these vulnerabilities carry High severity scores (most with CVSS base scores of 7.8) and one Medium (5.5) for the audio NULL-dereference. The profile—use-after-free, integer overflow, heap use-after-free—tracks common, high-impact kernel or kernel-adjacent bugs that can be weaponized in local privilege escalation or remote attack chains when combined with other flaws.

---

Which GPUs and systems are affected​

This security update is targeted at legacy NVIDIA architectures and specific families, and it is published as a WHQL-certified package for Windows 10 and Windows 11 where applicable. The broad product families covered include:

• GeForce 10-series (Pascal): GTX 1080 Ti, GTX 1080, GTX 1070 (and Ti), GTX 1060, GTX 1050-series, GT 1030, etc.
• GeForce 900-series (Maxwell): GTX 980 Ti, GTX 980, GTX 970, GTX 960, GTX 950, etc.
• GeForce 700-series (Maxwell): GTX 750 Ti, GTX 750, GTX 745, and similar models.
• NVIDIA TITAN-series (Pascal/Volta variants): TITAN V, TITAN Xp, TITAN X (Pascal), GTX TITAN X.
• Selected notebook MX and mobile variants tied to those architectures.

If your system matches one of these model lines, the 582.28 package is intended for your GPU. For virtualized environments, NVIDIA’s vGPU branch updates list the affected vGPU manager versions and guest-driver branches that incorporate the fixes.

---

Why this matters: the threat model explained​

Graphics drivers run at or near kernel privilege and interface directly with user graphics processes, the windowing system, and multiple I/O subsystems. That combination makes them attractive targets to attackers for several reasons:

• Graphics drivers expose a broad attack surface: userland applications (games, browsers, media players) routinely submit complex data to the GPU stack. Flaws that let malformed inputs propagate into the kernel can be escalated into full system compromise.
• GPU drivers are often loaded in enterprise and cloud environments: vGPU and multi-tenant virtualization scenarios can expose the host to malicious or compromised guest VMs.
• Legacy drivers tend to stay on machines longer: older cards remain in service in many offices, labs, and enthusiast rigs. They may not be upgraded often—meaning a vulnerability discovered now could be widely present for months.

Because the flaws here are common classes used in real-world exploits (use-after-free, integer overflow), unpatched systems may be at meaningful risk—especially when local untrusted code execution is possible (e.g., an attacker that can run code in a user session, trick the user into opening a file, or deliver a browser exploit chain).

---

What the release doesn’t do​

It’s important to set expectations: 582.28 is a security-only update. That means:

• No new Game Ready optimizations, no DLSS/AI/feature improvements, and no targeted performance fixes for modern titles.
• Several previously reported gaming bugs remain unchanged. NVIDIA’s known issues list still references text distortion in Counter-Strike 2 when in-game resolution is lower than the monitor’s native resolution and occasional flickering in Like a Dragon: Infinite Wealth on some system configurations.
• If you were hoping this release would fix a visual bug that’s been bothering you for months, it likely won’t.

This is consistent with NVIDIA’s legacy-driver policy: functional and game-specific fixes stop after the Game Ready cutoff; security fixes are the sole focus for this branch until the end-of-life horizon.

---

How to install 582.28 safely (step-by-step)​

If you run an affected GPU, updating is straightforward—but be deliberate. Kernel-mode driver installers demand caution.

• Back up critical data and create a system restore point before changing kernel drivers.
• Obtain the driver from the official NVIDIA driver download or enterprise vGPU update portals; prefer the vendor package over third-party mirrors.
• Verify the installer’s digital signature and file metadata:
• Right-click the EXE → Properties → Digital Signatures and confirm the signer is NVIDIA Corporation.
• Check the file name and size against the official NVIDIA download manifest where available.
• Close games and GPU-heavy applications; optionally boot into a clean Windows session.
• Run the installer and choose the Custom (Advanced) option if available. Select Perform a clean installation if you suspect prior driver-state problems.
• Reboot when prompted. Validate system stability and verify the driver version in Device Manager or NVIDIA Control Panel.

These steps minimize the risk of corrupted installs and provide easy rollback options if you encounter problems.

---

How to validate the update (don't skip this)​

Because the driver installs kernel-level components, validating authenticity is non-negotiable.

• Confirm the digital signature: Windows will show a valid Authenticode signature belonging to NVIDIA Corporation. That is the strongest guarantee the package came from NVIDIA and hasn’t been tampered with.
• Cross-check file metadata: confirm file name, size, and published release date match NVIDIA’s official download entry.
• If you have checksum values published by the vendor, verify SHA256 or SHA1 before executing the installer.
• For enterprise systems, test in a non-production image and audit logs for any unexpected behavior before rolling out fleet-wide.

Never run repackaged or third-party altered installers without verification—modified installers can and have been used to slip malicious payloads into drivers in other contexts.

---

Rollbacks and troubleshooting (if the update causes trouble)​

A small percentage of users will encounter post-install issues—black screens, app crashes, or stability regressions. If that happens:

• Use Windows System Restore or a pre-update backup to return to the previous state.
• Boot to Safe Mode and run Display Driver Uninstaller (DDU) to remove driver remnants, then reinstall the prior driver branch if needed.
• Collect incident data: Windows Event Viewer logs, BSOD minidump, GPU-Z logs, or the NVIDIA installer log will help debug the problem.
• If problems persist across re-installs, consider RMA or hardware checks—artifacting or instability can indicate aging hardware faults.

---

Enterprise and vGPU implications​

CVE-2025-33220 specifically targets vGPU Virtual GPU Manager code paths that run in the hypervisor/host context. That’s a different threat model:

• A malicious guest with access to a vGPU could trigger heap use-after-free conditions in the Virtual GPU Manager, potentially compromising the host or other guests.
• Organizations running NVIDIA vGPU software (VMware vSphere, XenServer, KVM), especially in multi-tenant environments, should prioritize these host-side patches and the vGPU manager updates listed in NVIDIA’s bulletin.
• Follow vendor guidance: update host managers and guest drivers in the correct order (often host/vGPU manager first, then guest drivers) and test updates on non-production VMs.

If you operate a cloud, VDI, or multi-tenant environment where GPU sharing is used, treat this update as urgent and coordinate maintenance windows—an exploited vGPU vulnerability can escalate to a private-cloud compromise.

---

Linux users: what to know​

Linux systems using NVIDIA’s kernel module are affected by CVE-2025-33219. The non-tree kernel module exposes similar Integer Overflow risks as Windows. Linux administrators should:

• Update the NVIDIA kernel module packages to the versions specified in vendor advisories and distribution security trackers.
• For distribution-managed drivers (packaged by your Linux distro), watch the distro’s security channels for patched packages and install them via your package manager to preserve kernel module compatibility.
• Rebuild DKMS/NVIDIA modules against the running kernel if required, and reboot to activate the new kernel module.

Distributions with long-term support or enterprise channels often publish their own advisories; follow distro guidance for timing and package selection.

---

NVIDIA’s communication: strengths and shortcomings​

There are two clear positives in this rollout:

• NVIDIA maintained a clear policy to continue security updates for legacy architectures—this reduces long-tail exposure for users and organizations that still rely on older hardware.
• The company published a security bulletin that enumerates CVE IDs, CVSS scores, affected components, and affected driver branches—this is the kind of transparency security teams need.

However, another common shortcoming persists: the driver release notes themselves do not enumerate the specific CVEs or describe the mechanism of the fixes. That omission forces security teams and journalists to cobble together information from the security bulletin, vendor manifests, and third-party coverage. For security-minded admins, publishing CVE-OSV-like summaries directly inside release notes speeds triage and deployment.
In short: NVIDIA handled the technical remediation correctly, but the packaging of vulnerability details across separate pages complicates fast, operational decision-making.

---

Practical recommendations (who should update and when)​

• Desktop gamers and home users with affected Maxwell/Pascal/Volta cards: install 582.28 at your next maintenance window. It closes high-severity issues and presents little downside for non-critical systems.
• Enterprise desktops and workstations using legacy GPUs: schedule testing and deploy the update via your standard patch-management pipeline after verifying installer signatures.
• Virtualized and VDI environments using NVIDIA vGPU: prioritize host/vGPU manager updates and validate the vGPU manager/guest-driver order announced by the vendor.
• Linux servers and workstations: install distribution-provided NVIDIA kernel module updates or vendor-supplied packages and reboot to ensure the patched kernel module is active.

Always validate digital signatures and test in a non-production environment if you manage a fleet.

---

Risks and mitigation if you cannot update immediately​

If you cannot patch immediately because of operational constraints:

• Restrict untrusted code execution on endpoints (harden browsers, block unsigned code execution, lift privileges for critical apps).
• For vGPU environments, isolate tenants and restrict access to guests that do not require GPU acceleration.
• Monitor threat feeds and EDR telemetry for exploits targeting the disclosed CVE classes (use-after-free, integer overflow) and escalate if you see correlated suspicious activity.
• Plan a rapid update window—these are high-severity issues that should not sit unpatched on enterprise endpoints.

---

Final analysis: what 582.28 means for the long tail of NVIDIA hardware​

582.28 is a pragmatic, necessary patch. It reflects a sensible vendor policy: continue closing critical security holes even after feature support ends. That approach acknowledges real-world usage patterns where older GPUs remain in service for years.
From a security standpoint, this is positive; the vendor is maintaining a baseline level of protection for older silicon. From a product-lifecycle perspective, it’s also honest: users get security fixes without the expectation of new features or performance gains. That clarity helps IT planners make long-term upgrade decisions.
On the flip side, the lack of CVE details in the driver notes, and the fragmentation of vendor documentation across a release manifest and a separate security bulletin, makes operational triage slower than it should be. For organizations that require the fastest possible risk assessment, embedding CVE descriptions directly into the driver release notes or providing an explicit remediation timeline would improve response times.

---

Quick-reference checklist​

• Confirm your GPU model; if it’s GeForce 10-series, 900-series, 700-series, or Titan Pascal/Volta, schedule the update.
• Download 582.28 WHQL from NVIDIA’s official driver portal or your organization’s approved sources.
• Verify the digital signature and file metadata before running the installer.
• Choose Custom install and Clean installation if you suspect prior driver instability.
• For vGPU hosts, follow vendor guidance for updating host/vGPU manager and guest drivers in the correct order.
• If you cannot update, harden endpoints and monitor telemetry for suspicious activity.

---

NVIDIA’s GeForce Security Update 582.28 WHQL is not exciting in the way a feature driver is, but that is the point: it reduces risk on hardware that will otherwise be left behind. Installing it is a low-friction, high-return defensive move for anyone still running these older GPUs—provided you validate the package first and follow your organization’s change-control procedures.

---

Source: Windows Central Have an older NVIDIA GPU? You should grab this security driver update.