Description
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.



By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory.
Published: 2026-06-08
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an out‑of‑bounds write on the kernel heap in the Imagination Technologies Graphics DDK. An attacker executing code as a non‑privileged user can craft certain GPU resources and supply parameters to the affected interface, causing the kernel memory to be overwritten. The primary impact is corruption of kernel data structures, which can lead to privilege escalation, arbitrary code execution, or a denial of service if the kernel becomes unstable.

Affected Systems

Affected systems include the Imagination Technologies Graphics DDK. No specific version information is provided, thus any deployment of the DDK that implements the vulnerable interface may be impacted.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, but the CVSS score of 7.5 indicates high severity for a kernel heap out-of-bounds write. The attack surface is a non-privileged user that can invoke GPU system calls, and no specific network or local privilege escalation prerequisite is mentioned, implying that local exploitation is feasible. The potential for kernel corruption warrants high concern.

Generated by OpenCVE AI on June 8, 2026 at 20:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an up-to-date version of the Imagination Technologies Graphics DDK that contains the patch for the heap OOB write
  • If a patch is not yet available, disable or remove the affected GPU driver from the system to prevent the vulnerable interface from being exposed
  • Enforce the principle of least privilege by restricting GPU resource creation and limiting access to the DDK only to trusted system components and administrators

Generated by OpenCVE AI on June 8, 2026 at 20:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory.
Title GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical
Weaknesses CWE-122
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-06-08T18:19:11.636Z

Reserved: 2026-01-06T15:50:36.204Z

Link: CVE-2026-22164

cve-icon Vulnrichment

Updated: 2026-06-08T18:19:07.179Z

cve-icon NVD

Status : Received

Published: 2026-06-08T16:16:37.823

Modified: 2026-06-08T19:16:42.290

Link: CVE-2026-22164

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T20:30:06Z

Weaknesses