Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-45195

Summary
Assigner-imaginationtech
Assigner Org ID-367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At-26 Jun, 2026 | 15:18
Updated At-26 Jun, 2026 | 19:15
Rejected At-
Credits

GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:imaginationtech
Assigner Org ID:367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At:26 Jun, 2026 | 15:18
Updated At:26 Jun, 2026 | 19:15
Rejected At:
▼CVE Numbering Authority (CNA)
GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

Affected Products
Vendor
Imagination Technologies LimitedImagination Technologies
Product
Graphics DDK
Platforms
  • Linux
  • Android
Default Status
unknown
Versions
Affected
  • 1.18 RTM (custom)
  • 23.2 RTM (custom)
  • 24.2 RTM (custom)
  • From 25.1 RTM through 25.3 RTM (custom)
  • 26.1 RTM (custom)
Unaffected
  • 26.2 RTM (custom)
Problem Types
TypeCWE IDDescription
CWECWE-280CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)
Type: CWE
CWE ID: CWE-280
Description: CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-480CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)
CAPEC ID: CAPEC-480
Description: CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.imaginationtech.com/gpu-driver-vulnerabilities/
N/A
Hyperlink: https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At:26 Jun, 2026 | 16:16
Updated At:26 Jun, 2026 | 20:18

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-280Secondary367425dc-4d06-4041-9650-c2dc6aaa27ce
CWE ID: CWE-280
Type: Secondary
Source: 367425dc-4d06-4041-9650-c2dc6aaa27ce
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.imaginationtech.com/gpu-driver-vulnerabilities/367425dc-4d06-4041-9650-c2dc6aaa27ce
N/A
Hyperlink: https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Source: 367425dc-4d06-4041-9650-c2dc6aaa27ce
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

54Records found

CVE-2025-3931
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.71%
||
7 Day CHG-0.00%
Published-14 May, 2025 | 11:54
Updated-11 Nov, 2025 | 09:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yggdrasil: local privilege escalation in yggdrasil

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Satellite 6Red Hat Enterprise Linux 10
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2025-30453
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.67%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-02 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2020-3427
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.30% / 21.95%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 18:15
Updated-13 Nov, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Duo Authentication for Windows Logon and RDP Privilege Escalation Vulnerability

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-duo_authentication_for_windows_logon_and_rdpDuo Authentication for Windows Logon and RDP
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2019-17437
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 25.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 14:11
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Custom-role users may escalate privileges

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • Next
Details not found