HIGHCVE-2026-22165Published Modified CNA imaginationtech
CVE-2026-22165: GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the device.
Metrics
- CVSS v3.1
- 8.1
- Severity
- HIGH
- Fixed in
- 26.1 RTM
- Affected Products
- 1
Fix available
26.1 RTM
Affected packages
- Imagination Technologies / Graphics DDK1.18 RTM · 23.2 RTM · ≤ 24.2 RTM · ≤ 25.3 RTMFixed in 26.1 RTM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HReferences