Description
Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- 
RESERVED
Published: 2026-04-17
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE listing reveals a flaw in the Imagination Technologies Graphics DDK for Linux and Android, but the detailed description is marked RESERVED and contains no information on the nature of the vulnerability, affected components, or attack surface. As a result, the precise security implications—whether confidentiality, integrity, or availability could be compromised—remain undefined. The vulnerability is identified as CWE-20: Improper Input Validation.

Affected Systems

The affected component is the Graphics DDK supplied by Imagination Technologies. Version information is not provided, so any installation of the Graphics DDK may be potentially impacted until a vendor patch or fix is released. Administrators should confirm whether their deployed driver stack aligns with the latest releases or any available advisories.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity rating, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Because the description is incomplete, the exact attack vector and privilege escalation scope remain uncertain; the entry references Linux and Android platforms, implying the flaw may be exploitable in those environments. The flaw is a CWE‑20 input validation issue, which could guide remediation efforts.

Generated by OpenCVE AI on May 10, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review the Imagination Technologies GPU driver vulnerability page at https://www.imaginationtech.com/gpu-driver-vulnerabilities/ for any advisories or patches.
  • Apply any updated Graphics DDK releases provided by Imagination Technologies that are indicated to address this issue.
  • If no patch is available, restrict GPU driver usage to trusted processes or limit GPU access to non‑privileged contexts as a temporary mitigative measure.

Generated by OpenCVE AI on May 10, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 23 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-280

Thu, 23 Apr 2026 11:30:00 +0000

Type Values Removed Values Added
Description Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections. Vulnerability in Imagination Technologies Graphics DDK on Linux, Android --  RESERVED
Title GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so) RESERVED

Fri, 17 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Imaginationtech
Imaginationtech graphics Ddk
Vendors & Products Imaginationtech
Imaginationtech graphics Ddk

Fri, 17 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 17 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections.
Title GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)
Weaknesses CWE-280
References

Subscriptions

Imaginationtech Graphics Ddk
cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-05-10T20:00:46.844Z

Reserved: 2026-01-05T11:57:27.258Z

Link: CVE-2026-21733

cve-icon Vulnrichment

Updated: 2026-04-17T17:19:31.532Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-17T17:16:35.220

Modified: 2026-05-10T21:16:28.363

Link: CVE-2026-21733

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T21:30:20Z

Weaknesses