7.8

CVE-2026-22163

EPSS 0.02%
Veröffentlicht 20.03.2026 22:52:43
Zuletzt bearbeitet 21.04.2026 16:53:35
Quelle 367425dc-4d06-4041-9650-c2dc6a
CVE-Watchlists
Login
Unerledigt
Login

GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU

Requires malware code to misuse the DDK kernel module IOCTL interface.

Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.

The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Imaginationtech ≫ Ddk Version >= 25.1 <= 25.3

Imaginationtech ≫ Ddk Version1.17

Imaginationtech ≫ Ddk Version1.18

Imaginationtech ≫ Ddk Version23.2

Imaginationtech ≫ Ddk Version24.1

Imaginationtech ≫ Ddk Version24.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.1	6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-820 Missing Synchronization

The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-22163

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22163

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22163

EUVD