HIGH CVE-2026-22164 Published Modified CNA imaginationtech

CVE-2026-22164: GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 1.18 RTM
Affected Products: 1

HarborGuard Analysis

Synopsis

A kernel heap out-of-bounds write vulnerability exists in the Imagination Technologies Graphics DDK, specifically in the DevmemIntComputeVirtualIndicesFromLogical interface. The CVSS vector describes the vulnerability as reachable over the network with no authentication and no user interaction, while the CNA description above frames the attacker as software installed and run as a non-privileged user making improper GPU system calls. Successful exploitation allows an attacker to corrupt kernel heap memory, resulting in a denial of service against the affected system. A patched-image rebuild at fix versions 1.18 RTM and 23.2 RTM is available on HarborGuard for environments running an affected DDK version.

HarborGuard Coverage

Detection

Detection for CVE-2026-22164 is available across every HarborGuard environment, with the CVE matched against images in customer registries and CI/CD pipelines within minutes of publication. Coverage extends to custom-built images that bundle affected Graphics DDK versions, not only upstream base images.

Status: Available

Triage

HarborGuard scores this CVE at 7.5 HIGH using the CVSS v3.1 vector and applies each customer organization's compliance policy weighting to determine escalation priority. Triage routing directs findings to the appropriate team inbox within each customer org based on configured ownership rules.

Status: Available

Patch

A patched-image rebuild targeting fix versions 1.18 RTM and 23.2 RTM is available on HarborGuard for images confirmed to carry an affected DDK version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The vulnerable interface is exposed over the network, meaning an attacker must be able to reach the service remotely to deliver malicious GPU system calls.

  • Authentication: Not required

    No credentials or account are needed; an unauthenticated attacker can interact with the affected interface directly.

  • Victim interaction: Not required

    No action from a logged-in user or administrator is required for the exploit to succeed.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other unpredictable environmental factors.

Blast Radius

  • A successful attacker corrupts kernel heap memory on the affected host, which crashes the kernel and takes down the entire system.
  • All workloads running on the affected node lose availability for the duration of the crash and any subsequent restart cycle.
  • Kernel heap corruption can render the host unresponsive to orchestration signals, potentially triggering cascading rescheduling pressure across a cluster.

How HarborGuard Handles This

Available on HarborGuard: CVE-2026-22164 is matched against scanned images immediately upon ingest, flagging any image that bundles Graphics DDK versions 24.2 RTM, up to and including 25.3 RTM, or 26.1 RTM. Where compliance policy permits and auto-remediation is enabled, HarborGuard rebuilds the image at fix version 1.18 RTM or 23.2 RTM, runs regression tests, and opens a pull request against affected workloads; for high-severity issues, the median time from publication to merged patch PR is around 90 minutes. For customers who have not yet enabled auto-remediation, the vulnerability report is routed to the configured owner inbox with CVSS scoring and policy-weighted priority to support manual triage. As a compensating control while remediation is in progress, network-policy isolation restricting access to GPU-backed services can reduce the pool of hosts able to reach the vulnerable interface.

Fix available

1.18 RTM, 23.2 RTM

Affected packages
  • Imagination Technologies / Graphics DDK
    24.2 RTM · ≤ 25.3 RTM · 26.1 RTM
    Fixed in 1.18 RTM, 23.2 RTM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H