Imagination Graphics DDK EUVD-2026-35082

CVE-2026-22164 · HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-08 · imaginationtech · GHSA-j38r-mp7c-vxww
CVSS 3.1 (NVD): 7.5

Severity by source

NVD (primary): 7.5 HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 08, 2026 - 19:25 (vuln.today)
CVSS changed: Jun 08, 2026 - 19:22 (NVD), 7.5 (HIGH)
CVE Published: Jun 08, 2026 - 14:53 (NVD), UNKNOWN (no severity yet)

Description (CVE.org)

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory.

Analysis (AI)

Kernel heap memory corruption in Imagination Technologies Graphics DDK allows a non-privileged local user to crash or destabilize the kernel by issuing crafted GPU system calls. The flaw affects Graphics DDK 24.2 RTM, 25.1 RTM through 25.3 RTM, and 26.1 RTM, and impacts any device shipping the affected PowerVR/IMG GPU driver stack. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Gain unprivileged local code execution on device
Delivery: Open GPU device node
Exploit: Create specific GPU resource types via ioctl
Execution: Pass crafted parameters to vulnerable interface
Persist: Corrupt kernel heap
Impact: Kernel panic or escalate to root

Vulnerability Assessment (AI)

Exploitation: Attacker must already be able to execute unprivileged code on the target device - typically by getting a malicious app installed or running a binary as any local user - and the device must expose the Imagination Graphics DDK GPU device node to that user (the normal configuration on PowerVR-based Android, embedded, and automotive platforms). …

Risk Assessment: Signals here conflict and must be reconciled before prioritisation. …

Exploit Scenario: A malicious Android app or other untrusted local binary obtains normal user-level execution on a device using a vulnerable PowerVR GPU driver, opens the GPU device node, and issues a sequence of resource-creation ioctls with the specific parameter combination that triggers the heap overflow. The corruption is used at minimum to crash the kernel (denial of service) and, with further exploitation work, potentially to overwrite adjacent kernel objects for local privilege escalation. …

Remediation: Patch available per vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/; consult Imagination's GPU driver vulnerabilities page for the specific fixed DDK release that supersedes 24.2 / 25.x / 26.1 RTM, then coordinate with the SoC vendor or OEM to obtain a BSP update incorporating that fix, since end devices rarely consume DDK directly. …

Recommended Action (AI)

Within 24 hours: Inventory all devices in production environments running Imagination Technologies Graphics DDK versions 24.2 RTM, 25.1-25.3 RTM, or 26.1 RTM. …

EUVD-2026-35082 vulnerability details – vuln.today
