GPU DDK – UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and...

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the device.

Basic Information

ID CVE-2026-22165

Source imaginationtech

Published May 1, 2026 at 15:56

Modified May 1, 2026 at 19:24

Affected Product

Vendor Imagination Technologies

Product Graphics DDK

Version 1.18 RTM

Affected Versions Imagination Technologies Graphics DDK 1.18 RTM
Imagination Technologies Graphics DDK 23.2 RTM
Imagination Technologies Graphics DDK 24.1 RTM
Imagination Technologies Graphics DDK 25.1 RTM

CWE Classification

CWE-416

References

www.imaginationtech.com /gpu-driver-vulnerabilities/

{
    "lastseen": "",
    "description": "A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the device.",
    "published": "2026-05-01T15:56:17.132Z",
    "modified": "2026-05-01T19:24:51.079Z",
    "type": "cve",
    "title": "GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs",
    "source": "imaginationtech",
    "references": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/",
    "id": "CVE-2026-22165",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "Imagination Technologies Graphics DDK 1.18 RTM\nImagination Technologies Graphics DDK 23.2 RTM\nImagination Technologies Graphics DDK 24.1 RTM\nImagination Technologies Graphics DDK 25.1 RTM",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Graphics DDK",
    "version": "1.18 RTM",
    "vendor": "Imagination Technologies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GPU DDK – UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs_CVE-2026-22165