Skip to main content

Graphics DDK EUVDEUVD-2026-39785

| CVE-2026-21734 HIGH
Use of Out-of-range Pointer Offset (CWE-823)
2026-06-26 imaginationtech GHSA-c5qr-j92g-m289
7.7
CVSS 3.1 · Vendor: imaginationtech
Share

Severity by source

Vendor (imaginationtech) PRIMARY
7.7 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
vuln.today AI
7.1 HIGH

Local GPU compiler is the attack surface (AV:L) but the victim must load a malicious web page (UI:R); no auth needed (PR:N); memory corruption yields high integrity/availability impact, no data disclosure (C:N).

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (imaginationtech).

CVSS VectorVendor: imaginationtech

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 26, 2026 - 20:23 vuln.today
CVSS changed
Jun 26, 2026 - 20:22 NVD
7.7 (HIGH)
CVE Published
Jun 26, 2026 - 15:14 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.

An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write.

AnalysisAI

Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unusual or edge-case shader code (e.g. WebGL/compute shaders using a very small value) corrupt memory and crash the GPU compiler process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Host web page with malicious GPU shader
Delivery
Victim loads page on PowerVR device
Exploit
Shader passed to Graphics DDK compiler
Execution
Edge-case value triggers out-of-bounds write
Persist
Compiler process memory corrupted/crashes
Impact
Escalate via system-privileged compiler process

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim's device to compile attacker-supplied GPU shader code - specifically a web page delivering unusual shader code (the description cites an edge case using a very small value) to the Graphics DDK shader compiler, e.g. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS:3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, base 7.7) indicates local attack vector with low complexity and no privileges, no confidentiality impact, but high integrity and availability impact - consistent with a memory-corruption crash that may be steerable into code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a web page embedding a malicious WebGL/WebGPU shader that uses the triggering edge-case value; when a victim on an affected PowerVR device visits the page, the shader is handed to the Graphics DDK compiler, which performs an out-of-bounds write and crashes (denial of service). On platforms where the compiler process holds system privileges, the attacker attempts to shape the memory corruption into code execution to escalate on the device. …
Remediation Apply the fixed Graphics DDK release from Imagination Technologies as distributed by your SoC/device vendor; consult the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/ for the corrected RTM version applicable to your DDK branch (25.x, 24.x, 23.2, or 1.18), as no single exact fix version was provided in the input - Patch available per vendor advisory, released patched version not independently confirmed here. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit your infrastructure to identify all systems running Imagination Technologies GPU DDK and determine whether the GPU shader compiler process executes with system-level privileges. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-41157 CRITICAL
9.8 Jun 12

Out-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim

CVE-2026-21732 CRITICAL
9.6 Mar 20

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with

CVE-2026-34195 HIGH
8.8 Jun 12

Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged p

CVE-2026-41154 HIGH
7.8 Jul 10

Out-of-bounds kernel memory read/write in Imagination Technologies Graphics DDK (the driver kit for PowerVR GPUs) allows

CVE-2026-7639 HIGH
7.8 Jul 10

Local memory-corruption escalation in Imagination Technologies' Graphics DDK (the PowerVR GPU driver stack) lets an unpr

CVE-2026-34196 HIGH
7.8 Jul 10

Local privilege escalation in Imagination Technologies' Graphics DDK (PowerVR GPU driver) lets a non-privileged user tri

CVE-2026-45196 HIGH
7.8 Jul 10

Privilege escalation in Imagination Technologies' Graphics DDK GPU driver allows kernel-level software inside a Host VM

CVE-2026-45203 HIGH
7.8 Jul 10

Local privilege escalation and memory corruption in Imagination Technologies Graphics DDK (PowerVR GPU driver kit) lets

CVE-2026-45195 HIGH
7.8 Jun 26

Improper privilege handling in Imagination Technologies' Graphics DDK GPU driver lets privileged kernel code inside a Ho

CVE-2026-41158 HIGH
7.8 Jun 12

Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to i

CVE-2026-22163 HIGH
7.8 Mar 20

Unsafe IOCTL handling in the DDK kernel module allows local attackers with limited privileges to bypass GPU memory prote

CVE-2026-41156 HIGH
7.7 Jun 19

Local privilege escalation and denial of service in Imagination Technologies Graphics DDK arises from a write use-after-

Share

EUVD-2026-39785 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy