CVE 9.6 CRITICAL

GPU DDK – Write UAF in KEGLGetPoolBuffers, WebGL reachable_CVE-2026-22166

May 1, 2026 invoker category_cve

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.

AI Analysis

Write UAF crash in the GPU GLES user-space shared library via unusual WebGPU content

Basic Information

ID CVE-2026-22166

Source imaginationtech

Published May 1, 2026 at 15:59

Modified May 1, 2026 at 18:03

Affected Product

Vendor Imagination Technologies

Product Graphics DDK

Version 1.18 RTM, 23.2 RTM, 24.1 RTM, 25.1 RTM

Affected Versions Imagination Technologies Graphics DDK 1.18 RTM
Imagination Technologies Graphics DDK 23.2 RTM
Imagination Technologies Graphics DDK 24.1 RTM
Imagination Technologies Graphics DDK 25.1 RTM

CWE Classification

CWE-416

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor Imagination Technologies

Product Graphics DDK

Version 1.18 RTM, 23.2 RTM, 24.1 RTM, 25.1 RTM

References

www.imaginationtech.com /gpu-driver-vulnerabilities/

{
    "lastseen": "",
    "description": "A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.",
    "published": "2026-05-01T15:59:56.871Z",
    "modified": "2026-05-01T18:03:17.975Z",
    "type": "cve",
    "title": "GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable",
    "source": "imaginationtech",
    "references": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/",
    "id": "CVE-2026-22166",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "Imagination Technologies Graphics DDK 1.18 RTM\nImagination Technologies Graphics DDK 23.2 RTM\nImagination Technologies Graphics DDK 24.1 RTM\nImagination Technologies Graphics DDK 25.1 RTM",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Graphics DDK",
    "version": "1.18 RTM, 23.2 RTM, 24.1 RTM, 25.1 RTM",
    "vendor": "Imagination Technologies",
    "ai_description": "Write UAF crash in the GPU GLES user-space shared library via unusual WebGPU content",
    "ai_severity": "Critical",
    "ai_vendor": "Imagination Technologies",
    "ai_product": "Graphics DDK",
    "ai_version": "1.18 RTM, 23.2 RTM, 24.1 RTM, 25.1 RTM",
    "ai_score": 9.6
}

💭 Join the Security Discussion ❌ Cancel Reply