CVE-2026-34193

MEDIUM

Imagination Graphics DDK - Firmware Memory Arbitrary Write

Title source: manual

Description

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.

References (1)

Core 1

Core References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Scores

CVSS v3 4.3

EPSS 0.0014

EPSS Percentile 3.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-823

Status published

Products (6)

Imagination Technologies/Graphics DDK 1.18 RTM

Imagination Technologies/Graphics DDK 23.2 RTM

Imagination Technologies/Graphics DDK 24.2 RTM

Imagination Technologies/Graphics DDK 25.1 RTM - 25.3 RTM

Imagination Technologies/Graphics DDK 26.1 RTM1

Imagination Technologies/Graphics DDK 26.1 RTM2

Published Jun 01, 2026

Tracked Since Jun 01, 2026