Severity by source
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Requires malware code to misuse the DDK kernel module IOCTL interface.
Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.
The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.
AnalysisAI
Unsafe IOCTL handling in the DDK kernel module allows local attackers with limited privileges to bypass GPU memory protections and write to arbitrary physical memory through race condition exploitation. This privilege escalation vulnerability affects systems using the vulnerable DDK driver and requires no user interaction to trigger. No patch is currently available.
Technical ContextAI
The vulnerability resides in Imagination Technologies' Graphics DDK (Driver Development Kit), a kernel-mode graphics driver component used across various GPU implementations. The root cause is classified as CWE-820 (Improper Synchronization), indicating that the IOCTL (Input/Output Control) interface of the DDK kernel module does not properly synchronize access to shared resources in concurrent contexts. The GPU is leveraged as a vehicle for performing memory operations because it has direct access to physical memory that can bypass normal memory protection mechanisms. When multiple execution contexts access the same shared resource without proper locking primitives or atomic operations, race conditions emerge that allow out-of-order or interleaved operations, permitting an attacker to manipulate GPU command queues or memory descriptors to write to arbitrary physical addresses.
RemediationAI
Apply the security patch released by Imagination Technologies for Graphics DDK by updating to the latest patched version available through the vendor's official security advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/. System administrators should prioritize this update, particularly for production systems and environments where kernel-mode execution or GPU access is available to untrusted code. As an interim measure pending patch deployment, restrict kernel-mode code execution and disable or restrict GPU access from untrusted user-space processes through kernel security modules (LSM, AppArmor, SELinux), implement memory access controls at the IOMMU/SMMU level to limit GPU DMA capabilities, and consider disabling GPU access entirely on systems where GPU functionality is not critical. Monitor kernel logs for suspicious IOCTL calls to the DDK driver interface.
More in Graphics Ddk
View allOut-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim
GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with
Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged p
Out-of-bounds kernel memory read/write in Imagination Technologies Graphics DDK (the driver kit for PowerVR GPUs) allows
Local memory-corruption escalation in Imagination Technologies' Graphics DDK (the PowerVR GPU driver stack) lets an unpr
Local privilege escalation in Imagination Technologies' Graphics DDK (PowerVR GPU driver) lets a non-privileged user tri
Privilege escalation in Imagination Technologies' Graphics DDK GPU driver allows kernel-level software inside a Host VM
Local privilege escalation and memory corruption in Imagination Technologies Graphics DDK (PowerVR GPU driver kit) lets
Improper privilege handling in Imagination Technologies' Graphics DDK GPU driver lets privileged kernel code inside a Ho
Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to i
Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unu
Local privilege escalation and denial of service in Imagination Technologies Graphics DDK arises from a write use-after-
Same weakness CWE-820 – Missing Synchronization
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13836