Description
Requires malware code to misuse the DDK kernel module IOCTL interface.

Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.

The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.
Published: 2026-03-20
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution through arbitrary physical memory writes via DDK IOCTL misuse
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows malware to misuse the Graphics DDK kernel module IOCTL interface to perform writes to arbitrary physical memory pages, thereby subverting the GPU's behavior. This unsynchronised concurrent access to a shared resource creates a race condition that can be exploited to trigger write operations outside the intended memory boundaries. The result is the potential for arbitrary code execution or other malicious actions on the host system.

Affected Systems

Imagination Technologies Graphics DDK is affected. No specific version information is provided in the data, so any installation of the product that includes the DDK kernel module is potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.8 the vulnerability is considered high severity, but the EPSS score is less than 1%, indicating a low likelihood of active exploitation currently. The vulnerability is not listed in the CISA KEV catalog. Attackers need to deliver code that can call the unsupported IOCTL, typically requiring local or privileged access to the host system. If successful, the exploit can read or write arbitrary kernel memory, enabling attackers to compromise confidentiality, integrity, or availability of the affected system.

Generated by OpenCVE AI on March 23, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Imagination Technologies for a vendor patch or update for the Graphics DDK
  • Apply the updated patch if available
  • If no patch is available, restrict access to the DDK kernel module IOCTL interface and run GPU drivers with the least privilege necessary
  • Monitor system logs for suspicious IOCTL activity and consider disabling or blocking the interface if feasible

Generated by OpenCVE AI on March 23, 2026 at 16:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Imaginationtech
Imaginationtech graphics Ddk
Vendors & Products Imaginationtech
Imaginationtech graphics Ddk

Fri, 20 Mar 2026 23:00:00 +0000

Type Values Removed Values Added
Description Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.
Title GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU
Weaknesses CWE-820
References

Subscriptions

Imaginationtech Graphics Ddk
cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-03-23T14:59:27.041Z

Reserved: 2026-01-06T15:50:36.204Z

Link: CVE-2026-22163

cve-icon Vulnrichment

Updated: 2026-03-23T14:56:10.816Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-20T23:16:42.640

Modified: 2026-03-23T15:16:31.873

Link: CVE-2026-22163

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:34:01Z

Weaknesses