GPU DDK – UAF read and/or write to arbitrary physical...

7.1 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation.

The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled across buffers of different sizes.

Basic Information

ID CVE-2026-34194

Source imaginationtech

Published Jun 8, 2026 at 14:58

Modified Jun 8, 2026 at 18:55

Affected Product

Vendor Imagination Technologies

Product Graphics DDK

Version 1.18 RTM

Affected Versions Imagination Technologies Graphics DDK 24.2 RTM
Imagination Technologies Graphics DDK 25.1 RTM
Imagination Technologies Graphics DDK 26.1 RTM

CWE Classification

CWE-468

References

www.imaginationtech.com /gpu-driver-vulnerabilities/

{
    "lastseen": "",
    "description": "Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation.\n\n\n\nThe product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled across buffers of different sizes.",
    "published": "2026-06-08T14:58:40.452Z",
    "modified": "2026-06-08T18:55:08.798Z",
    "type": "cve",
    "title": "GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count",
    "source": "imaginationtech",
    "references": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/",
    "id": "CVE-2026-34194",
    "bulletinFamily": "",
    "cwe": [
        "CWE-468"
    ],
    "cvelist": null,
    "sourceData": "Imagination Technologies Graphics DDK 24.2 RTM\nImagination Technologies Graphics DDK 25.1 RTM\nImagination Technologies Graphics DDK 26.1 RTM",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Graphics DDK",
    "version": "1.18 RTM",
    "vendor": "Imagination Technologies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GPU DDK – UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count_CVE-2026-34194