CRITICALCVE-2026-21732Published 2026-03-20Modified 2026-03-23CNA imaginationtech

CVE-2026-21732: GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.

CVSS v3.1: 9.6
Severity: CRITICAL
Fixed in: 1.17 RTM
Affected Products: 1

Fix available

1.17 RTM1.18 RTM25.2 RTM

Affected packages

Imagination Technologies / Graphics DDK
23.2 RTM · ≤ 25.1 RTM
Fixed in 1.17 RTM, 1.18 RTM, 25.2 RTM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

imaginationtech.com

Metrics

Fix available