HIGHCVE-2026-22163Published 2026-03-20Modified 2026-03-23CNA imaginationtech

CVE-2026-22163: GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.

CVSS v3.1: 7.8
Severity: HIGH
Fixed in: 26.1 RTM
Affected Products: 1

Fix available

26.1 RTM

Affected packages

Imagination Technologies / Graphics DDK
1.17 RTM · 1.18 RTM · 23.2 RTM · ≤ 24.2 RTM · ≤ 25.3 RTM
Fixed in 26.1 RTM

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References

imaginationtech.com

Metrics

Fix available