Description
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel.
A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.
A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.
Published:
2026-07-10
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.imaginationtech.com/gpu-driver-vulnerabilities/ |
|
History
Fri, 10 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use. | |
| Title | GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU | |
| Weaknesses | CWE-367 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: imaginationtech
Published:
Updated: 2026-07-10T20:57:19.733Z
Reserved: 2026-05-11T10:58:04.163Z
Link: CVE-2026-45203
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition