Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Unprivileged local user with GPU access (AV:L, PR:L) reliably triggers the flaw (AC:L, UI:N); arbitrary physical memory access yields high C/I/A within an unchanged scope (S:U).
Primary rating from Vendor (imaginationtech).
CVSS VectorVendor: imaginationtech
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.
Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.
AnalysisAI
Local memory-corruption escalation in Imagination Technologies' Graphics DDK (the PowerVR GPU driver stack) lets an unprivileged user trigger a use-after-free by issuing an improper sequence of GPU system calls. By forcing a failure path in the MMU mapping logic, an attacker leaves internal driver state incompletely cleaned up, enabling unauthorized read/write access to physical memory from shader code. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires the ability to execute code as an unprivileged local user on a device using the Imagination Graphics DDK, and specifically the ability to submit GPU system calls and shader code (access to the GPU/compute interface) - consistent with CVSS PR:L and AV:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 7.8 HIGH) describes a local, low-complexity attack requiring only low (unprivileged-user) privileges and no user interaction, with high impact across all three properties - consistent with the description of an unprivileged local user achieving arbitrary physical memory access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unprivileged local user or untrusted application on a device with a vulnerable PowerVR driver submits a crafted sequence of GPU system calls that forces an error in the MMU mapping path, leaving a stale mapping behind. The attacker then uses shader code against the dangling state to read and write physical memory outside its sandbox, escalating privileges or extracting other processes' secrets. … |
| Remediation | Update the Imagination Graphics DDK to a fixed release per Imagination Technologies' GPU driver security advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/; the input enumerates affected RTM builds (1.18, 23.2, 24.2, 25.1-25.3, 26.1 RTM1) but does not include an exact patched version, so the released patched version is not independently confirmed from the provided data and should be obtained from the vendor or SoC integrator. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory systems running Imagination Technologies PowerVR graphics DDK and assess which devices permit local user access, prioritizing automotive and industrial control systems. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Graphics Ddk
View allOut-of-bounds write in the Imagination Technologies Graphics DDK (GPU user-space driver) can be triggered when a victim
GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with
Out-of-bounds kernel write in Imagination Technologies Graphics DDK (PowerVR GPU driver) allows a local non-privileged p
Out-of-bounds kernel memory read/write in Imagination Technologies Graphics DDK (the driver kit for PowerVR GPUs) allows
Local privilege escalation in Imagination Technologies' Graphics DDK (PowerVR GPU driver) lets a non-privileged user tri
Privilege escalation in Imagination Technologies' Graphics DDK GPU driver allows kernel-level software inside a Host VM
Local privilege escalation and memory corruption in Imagination Technologies Graphics DDK (PowerVR GPU driver kit) lets
Improper privilege handling in Imagination Technologies' Graphics DDK GPU driver lets privileged kernel code inside a Ho
Local privilege escalation in Imagination Technologies Graphics DDK (GPU kernel driver) allows non-privileged users to i
Unsafe IOCTL handling in the DDK kernel module allows local attackers with limited privileges to bypass GPU memory prote
Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unu
Local privilege escalation and denial of service in Imagination Technologies Graphics DDK arises from a write use-after-
Same weakness CWE-459 – Incomplete Cleanup
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43037
GHSA-q4g7-pm99-9f7g