Description
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges, this could enable further exploits on the device.



An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.
Published: 2026-03-20
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Potential remote code execution via privileged GPU shader compiler
Action: Apply patch
AI Analysis

Impact

An out‑of‑bounds write occurs in the libusc component of the Imagination Technologies Graphics DDK during the ConvertSwitchToArrayLookupBP routine for WebGPU shader compilation. The write corrupts memory, causing a segmentation fault, and on systems where the compiler process runs with system privileges this defect could be leveraged to elevate privileges or execute arbitrary code. The CVSS score of 9.6 reflects a high‑severity risk to confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects the entire Imagination Technologies Graphics DDK across all platforms that use its GPU shader compiler. No specific version details are listed, so any device running this DDK is potentially exposed, particularly where the compiler process may possess system‑level rights.

Risk and Exploitability

The EPSS score of less than 1 % indicates that exploitation is currently considered unlikely, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is inferred to be a malicious web page that includes unusually large switch statements in GPU shader code, which the compiler processes when the page is rendered. While the immediate effect is a crash, the out‑of‑bounds write could enable privilege escalation if the compiler has elevated permissions, elevating the threat to remote code execution.

Generated by OpenCVE AI on March 23, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Imagination Technologies Graphics DDK to the latest release or apply any available patch as soon as it is released.
  • If a patch is not yet available, restrict the GPU compiler process to non‑privileged execution or remove system privileges where possible.
  • Monitor the vendor’s website and security advisories for updates or work‑arounds.


Advisories

No advisories yet.

History

Mon, 23 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Imaginationtech; Imaginationtech graphics Ddk
Vendors & Products | | Imaginationtech; Imaginationtech graphics Ddk

Fri, 20 Mar 2026 23:00:00 +0000

Type | Values Removed | Values Added
Description | | A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges, this could enable further exploits on the device. An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.
Title | | GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation
Weaknesses | | CWE-823
References | |

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-03-23T15:03:50.302Z

Reserved: 2026-01-05T11:57:27.257Z

Link: CVE-2026-21732

Vulnrichment

Updated: 2026-03-23T15:02:50.205Z

NVD

Status: Awaiting Analysis

Published: 2026-03-20T23:16:42.480

Modified: 2026-03-23T15:16:31.653

Link: CVE-2026-21732

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:34:04Z
