Description
Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping.
Published: 2026-06-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A non-privileged user can issue GPU sparse memory API calls that trigger an out-of-bounds write on the kernel heap. The write occurs because the Imagination Technologies Graphics DDK incorrectly translates virtual page indexes into physical pages when performing sparse allocation remapping. The CVE description does not detail specific downstream effects. The potential impact given here is inferred rather than stated in the provided data: kernel heap corruption could compromise system integrity or availability if exploited, for example by facilitating arbitrary code execution or causing service disruption.

Affected Systems

The product affected is the Imagination Technologies Graphics DDK. No version information is present in the data, so all releases of this DDK are potentially impacted unless otherwise documented by the vendor.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS of < 1% suggests a low current probability of exploitation. The available description implies the attack vector is local, from a non-privileged user who can invoke the vulnerable GPU API; the CVSS 3.1 vector recorded in this entry's history, however, specifies AV:N. The vulnerability is not listed in the CISA KEV catalog. Because the flaw is a kernel write, an exploit could impair confidentiality, integrity, or availability, but the exact exploitation method is not disclosed in the CVE data.

Generated by OpenCVE AI on June 18, 2026 at 01:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Imagination Technologies Graphics DDK to the latest patched version when it becomes available.
  • If a patch is not yet available, restrict or disable the GPU sparse memory API for users that lack privileged access, for example by configuring device permissions or using GPU driver configuration settings.
  • Apply system‑level confinement such as SELinux or AppArmor to limit driver privileges, reducing the potential impact of a kernel heap corruption.


Advisories

No advisories yet.

History

Mon, 15 Jun 2026 20:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Imaginationtech; Imaginationtech graphics Ddk

Type: Vendors & Products
Values Removed: (none)
Values Added: Imaginationtech; Imaginationtech graphics Ddk

Fri, 12 Jun 2026 22:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping.

Type: Title
Values Removed: (none)
Values Added: GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-787

Type: References

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-06-15T19:27:12.847Z

Reserved: 2026-03-26T13:47:30.669Z

Link: CVE-2026-34195

Vulnrichment

Updated: 2026-06-15T19:11:40.098Z

NVD

Status: Deferred

Published: 2026-06-12T22:16:50.270

Modified: 2026-06-16T15:40:10.107

Link: CVE-2026-34195

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T02:00:05Z

Weaknesses