CVE-2026-22167

HIGH

Imagination Technologies Graphics DDK - GPU Arbitrary Physical Memory Write

Title source: manual

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.

References (1)

Core 1

Core References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119

Status published

Products (7)

Imagination Technologies/Graphics DDK 1.18 RTM

Imagination Technologies/Graphics DDK 23.2 RTM

Imagination Technologies/Graphics DDK 24.1 RTM - 24.2 RTM

Imagination Technologies/Graphics DDK 25.1 RTM - 25.3 RTM

Imagination Technologies/Graphics DDK 26.1 RTM

imaginationtech/ddk 25.3 rtm

imaginationtech/ddk < 25.2

Published May 01, 2026

Tracked Since May 01, 2026