CVE-2026-34195 - Vulnerability Details

Description

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel.

The product incorrectly indexes internal state when performing sparse allocation remapping.

Published: 2026-06-12

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A non-privileged user can invoke special GPU sparse memory API calls that trigger an out‑of‑bounds write in the kernel heap when the Graphics DDK incorrectly translates virtual page indexes into physical page translations. This kernel heap corruption can allow an attacker to overwrite sensitive control data, potentially leading to privilege escalation or denial of service.

Affected Systems

The vulnerability affects Imagination Technologies Graphics DDK. No specific version information is provided in the available data.

Risk and Exploitability

The CVSS score is not present, and the EPSS score is unavailable, but the nature of the flaw – an OOB kernel write – indicates high severity. Because the flaw is triggered by an API usable by any user on the system, the attack vector is local. No exploitation evidence or KEV listing is reported. With the risk of privilege escalation and system instability, a conservative assessment would consider this a high‑risk vulnerability for affected installations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Imagination Technologies

Graphics DDK

unknown

Version	Status	Constraints
`1.18 RTM`	unaffected	—
`23.2 RTM`	unaffected	—
`24.2 RTM`	affected	—
`25.1 RTM`	affected	≤ 25.3 RTM
`26.1 RTM`	unaffected	—
`26.2 RTM`	unaffected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Imagination Technologies Graphics DDK to the latest patched version that fixes the out‑of‑bounds write.
If an update is not yet available, restrict or disable the GPU sparse memory API for unprivileged users to prevent the trigger of the flaw.
Apply system‑level confinement such as SELinux or AppArmor to limit the GPU driver’s kernel privileges, reducing the impact if an OOB write occurs.

Generated by OpenCVE AI on June 12, 2026 at 23:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Fri, 12 Jun 2026 22:15:00 +0000

Type	Values Removed	Values Added
Description		Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping.
Title		GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes
Weaknesses		CWE-787
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2026-06-12T21:43:40.618Z

Updated: 2026-06-12T21:43:40.618Z

Reserved: 2026-03-26T13:47:30.669Z

Link: CVE-2026-34195

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-12T22:16:50.270

Modified: 2026-06-12T22:16:50.270

Link: CVE-2026-34195

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T23:30:08Z

Weaknesses

CWE-787
Out-of-bounds Write

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object