Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-34195

Summary
Assigner-imaginationtech
Assigner Org ID-367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At-12 Jun, 2026 | 21:43
Updated At-12 Jun, 2026 | 21:43
Rejected At-
Credits

GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:imaginationtech
Assigner Org ID:367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At:12 Jun, 2026 | 21:43
Updated At:12 Jun, 2026 | 21:43
Rejected At:
▼CVE Numbering Authority (CNA)
GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping.

Affected Products
Vendor
Imagination Technologies LimitedImagination Technologies
Product
Graphics DDK
Platforms
  • Linux
  • Android
Default Status
unknown
Versions
Affected
  • 24.2 RTM (custom)
  • From 25.1 RTM through 25.3 RTM (custom)
Unaffected
  • 1.18 RTM (custom)
  • 23.2 RTM (custom)
  • 26.1 RTM (custom)
  • 26.2 RTM (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-8CAPEC-8: Buffer Overflow in an API Call
CAPEC ID: CAPEC-8
Description: CAPEC-8: Buffer Overflow in an API Call
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.imaginationtech.com/gpu-driver-vulnerabilities/
N/A
Hyperlink: https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At:12 Jun, 2026 | 22:16
Updated At:12 Jun, 2026 | 22:16

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-787Secondary367425dc-4d06-4041-9650-c2dc6aaa27ce
CWE ID: CWE-787
Type: Secondary
Source: 367425dc-4d06-4041-9650-c2dc6aaa27ce
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.imaginationtech.com/gpu-driver-vulnerabilities/367425dc-4d06-4041-9650-c2dc6aaa27ce
N/A
Hyperlink: https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Source: 367425dc-4d06-4041-9650-c2dc6aaa27ce
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2026-41157
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-Not Assigned
EPSS-Not Assigned
Published-12 Jun, 2026 | 21:53
Updated-12 Jun, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21732
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-9.6||CRITICAL
EPSS-0.07% / 21.94%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 22:48
Updated-21 Apr, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2024-47897
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 10:28
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PVRSRVRGXGetEnabledHWPerfBlocksKM off-by-one OOB write

Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-787
Out-of-bounds Write
Details not found