Skip to main content

Imagination Graphics DDK CVE-2026-41154

| EUVDEUVD-2026-43034 HIGH
Out-of-bounds Write (CWE-787)
2026-07-10 imaginationtech GHSA-cf99-7243-p2v7
7.8
CVSS 3.1 · Vendor: imaginationtech
Share

Severity by source

Vendor (imaginationtech) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local unprivileged user (AV:L/PR:L) reliably triggers OOB kernel write via GPU API (AC:L), yielding full kernel compromise so C/I/A all High.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (imaginationtech).

CVSS VectorVendor: imaginationtech

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jul 13, 2026 - 19:29 vuln.today
CVSS changed
Jul 13, 2026 - 19:22 NVD
7.8 (HIGH)
CVE Published
Jul 10, 2026 - 20:46 cve.org
HIGH 7.8
CVE Published
Jul 10, 2026 - 20:46 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls.

When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access.

AnalysisAI

Out-of-bounds kernel memory read/write in Imagination Technologies Graphics DDK (the driver kit for PowerVR GPUs) allows a non-privileged local user to corrupt kernel memory through crafted GPU API calls, potentially achieving privilege escalation. The flaw stems from incorrect buffer indexing in the sparse-memory page-freeing path when pages larger than 4kB are handled. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Run unprivileged app on device
Delivery
Invoke GPU sparse-memory API with >4kB pages
Exploit
Trigger faulty index in page-freeing logic
Execution
OOB write into kernel memory
Persist
Corrupt kernel structures
Impact
Escalate to privileged/kernel control

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already have local code execution as a non-privileged user on a device running the affected Imagination Graphics DDK (PR:L, AV:L), and to be able to invoke the GPU driver's API. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H = 7.8) describes a local, low-complexity attack by an already-authenticated low-privileged user yielding high confidentiality, integrity, and availability impact - a classic local kernel privilege-escalation profile, consistent with the description of a non-privileged user triggering OOB kernel reads/writes. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious or compromised app running as an ordinary unprivileged user on a device with a PowerVR GPU issues crafted GPU API calls that exercise the sparse-memory page-freeing path with pages larger than 4kB. The incorrect buffer index drives an out-of-bounds write into kernel memory, which the attacker shapes to corrupt kernel structures and escalate to full device compromise. …
Remediation Update the Imagination Graphics DDK to a fixed release beyond the affected 24.2 RTM2, 25.1 RTM2-25.3 RTM, and 26.1 RTM1 versions as directed by the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/; an exact patched version string is not enumerated in the provided data, so treat the fix as available per vendor advisory and confirm the target build with Imagination or your SoC/device integrator before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, conduct a comprehensive inventory of systems running Imagination Technologies Graphics DDK and categorize by deployment criticality and user base size. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-41157 CRITICAL
9.8 Jun 12

Out-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim

CVE-2026-21732 CRITICAL
9.6 Mar 20

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with

CVE-2026-34195 HIGH
8.8 Jun 12

Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged p

CVE-2026-7639 HIGH
7.8 Jul 10

Local memory-corruption escalation in Imagination Technologies' Graphics DDK (the PowerVR GPU driver stack) lets an unpr

CVE-2026-34196 HIGH
7.8 Jul 10

Local privilege escalation in Imagination Technologies' Graphics DDK (PowerVR GPU driver) lets a non-privileged user tri

CVE-2026-45196 HIGH
7.8 Jul 10

Privilege escalation in Imagination Technologies' Graphics DDK GPU driver allows kernel-level software inside a Host VM

CVE-2026-45203 HIGH
7.8 Jul 10

Local privilege escalation and memory corruption in Imagination Technologies Graphics DDK (PowerVR GPU driver kit) lets

CVE-2026-45195 HIGH
7.8 Jun 26

Improper privilege handling in Imagination Technologies' Graphics DDK GPU driver lets privileged kernel code inside a Ho

CVE-2026-41158 HIGH
7.8 Jun 12

Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to i

CVE-2026-22163 HIGH
7.8 Mar 20

Unsafe IOCTL handling in the DDK kernel module allows local attackers with limited privileges to bypass GPU memory prote

CVE-2026-21734 HIGH
7.7 Jun 26

Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unu

CVE-2026-41156 HIGH
7.7 Jun 19

Local privilege escalation and denial of service in Imagination Technologies Graphics DDK arises from a write use-after-

Share

CVE-2026-41154 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy