Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description (CVE.org)
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory.
A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.
Analysis (AI)
Arbitrary firmware memory writes in Imagination Technologies Graphics DDK affect multiple DDK versions across Guest/Host VM deployments. A logic error in GPU driver address translation permits kernel-level software within a VM to issue malformed commands to GPU firmware, causing writes to memory regions outside the intended GPU memory boundary. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the attacker to operate at Host kernel level within a Guest/Host VM environment where the affected Imagination Technologies Graphics DDK (versions 1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1-25.3 RTM, or 26.1 RTM1) is installed and active. … |
| Risk Assessment | The CVSS 4.3 Medium score is driven by AV:A (Adjacent Network), which substantially limits the exploitable population to attackers sharing the same logical GPU memory or hypervisor boundary - this is not remotely exploitable from the internet without first achieving co-tenancy or hypervisor-level adjacency. … |
| Exploit Scenario | An attacker operating at the kernel level within a co-tenant or adjacent VM in a shared GPU virtualization environment crafts malformed GPU firmware commands using the compromised Host kernel driver. The address translation logic error fails to constrain the firmware write target, causing the GPU firmware to write attacker-influenced data to arbitrary firmware memory addresses outside its intended allocation. … |
| Remediation | Apply the vendor-released patch from Imagination Technologies' GPU driver vulnerabilities advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/ - the exact fixed DDK version number is not independently specified in the available data and must be confirmed directly from the vendor advisory. … |
More from same product – last 7 days
Kernel heap memory corruption in Imagination Technologies Graphics DDK allows a non-privileged local user to crash or de
Local privilege escalation and integrity compromise in Imagination Technologies Graphics DDK (GPU driver) allows non-pri
Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secur
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound
EUVD-2026-33627
GHSA-9j5v-4c6x-8694