7.8

CVE-2026-45195

GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel.



Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ImaginationtechDdk Version <= 25.3
ImaginationtechDdk Version26.1 Updatertm1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.013
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-280 Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Vendor Advisory