GPU DDK – Incorrect flags validation in RGXDerivePTEProt8 can allow...

7.3 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.

This is caused by improper handling of GPU memory reservation protections.

Basic Information

ID CVE-2026-21733

Source imaginationtech

Published Apr 17, 2026 at 16:08

Modified Apr 17, 2026 at 17:20

Affected Product

Vendor Imagination Technologies

Product Graphics DDK

Version 1.17 RTM

Affected Versions Imagination Technologies Graphics DDK 1.17 RTM
Imagination Technologies Graphics DDK 1.18 RTM
Imagination Technologies Graphics DDK 23.2 RTM
Imagination Technologies Graphics DDK 24.1 RTM
Imagination Technologies Graphics DDK 25.1 RTM

CWE Classification

CWE-280

References

www.imaginationtech.com /gpu-driver-vulnerabilities/

{
    "lastseen": "",
    "description": "Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.\n\nThis is caused by improper handling of GPU memory reservation protections.",
    "published": "2026-04-17T16:08:25.661Z",
    "modified": "2026-04-17T17:20:54.424Z",
    "type": "cve",
    "title": "GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)",
    "source": "imaginationtech",
    "references": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/",
    "id": "CVE-2026-21733",
    "bulletinFamily": "",
    "cwe": [
        "CWE-280"
    ],
    "cvelist": null,
    "sourceData": "Imagination Technologies Graphics DDK 1.17 RTM\nImagination Technologies Graphics DDK 1.18 RTM\nImagination Technologies Graphics DDK 23.2 RTM\nImagination Technologies Graphics DDK 24.1 RTM\nImagination Technologies Graphics DDK 25.1 RTM",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Graphics DDK",
    "version": "1.17 RTM",
    "vendor": "Imagination Technologies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GPU DDK – Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)_CVE-2026-21733