Description
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel.



Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
Published: 2026-06-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Kernel software running inside a Host VM can post improper commands to the GPU Firmware, allowing the firmware to read or write memory addresses beyond the privileged range allocated to the host kernel. This flaw, identified as CWE-280, can enable an attacker with kernel-level access to the host to perform arbitrary memory reads or writes, potentially leading to kernel code execution or privilege escalation.

Affected Systems

The vulnerability resides in Imagination Technologies Graphics DDK used in the GPU driver stack. Affected versions are not listed in the advisory, so any installation of the Graphics DDK remains potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score is 7.8 and the EPSS score is unavailable, but the nature of the flaw indicates a high risk for attackers who can control kernel code within the host VM. Exploitation would require the ability to craft and inject the specific GPU commands that trigger the out‑of‑bounds accesses. No KEV listing suggests no publicly known exploits yet, but the potential for privileged memory access creates a serious threat that warrants immediate attention.

Generated by OpenCVE AI on June 26, 2026 at 22:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or firmware update from Imagination Technologies that enforces bounds checking on address parameters in the Graphics DDK.
  • Restrict the host VM’s GPU access by configuring virtualization settings to allow only trusted commands and disabling any unchecked or privileged command paths.
  • Enforce kernel memory protection by ensuring that the GPU firmware does not expose privileged memory spaces, and monitor for anomalous memory access patterns in system logs.
  • As an interim workaround, if a patch is not available, limit the host VM’s CPU scheduling to prevent the kernel from executing the untrusted GPU commands until a fix can be applied.

Generated by OpenCVE AI on June 26, 2026 at 22:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
Title GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted
Weaknesses CWE-280
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-06-26T19:15:23.103Z

Reserved: 2026-05-11T10:58:04.162Z

Link: CVE-2026-45195

cve-icon Vulnrichment

Updated: 2026-06-26T19:15:07.140Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T22:15:06Z

Weaknesses
  • CWE-280

    Improper Handling of Insufficient Permissions or Privileges