CVE-2026-22167

GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory

Title source: cna

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.

References (1)

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-119

Status published

Products (5)

Imagination Technologies/Graphics DDK 1.18 RTM

Imagination Technologies/Graphics DDK 23.2 RTM

Imagination Technologies/Graphics DDK 24.1 RTM - 24.2 RTM

Imagination Technologies/Graphics DDK 25.1 RTM - 25.3 RTM

Imagination Technologies/Graphics DDK 26.1 RTM

Published May 01, 2026

Tracked Since May 01, 2026