Impact
The vulnerability is an out‑of‑bounds write in the Imagination Technologies Graphics DDK, triggered by WebGPU content loaded into the GPU GLES render process. The driver computes a required memory buffer size from untrusted input, but an integer overflow can produce a value smaller than needed. A subsequenting adjacent memory. This memory corruption can cause the GPU process to become unstable or crash, as described in the CVE report. The weakness is identified as CWE‑787 and the CVSS score of 9.8 indicates a critical severity.
Affected Systems
Imagination Technologies Graphics DDK products that are used in web browsers supporting WebGPU. No specific affected versions are disclosed in the available data.
Risk and Exploitability
The CVSS score of 9.8 indicates critical severity, while the EPSS score of < 1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA KEV. Attackers would need to supply a crafted WebGPU payload to a web page, making the attack vector client‑side and local to the browser environment. The potential impact is a crash of the GPU rendering process within the browser.
OpenCVE Enrichment