CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the...

CVE-2026-21732

CVE-2026-21732 affects the GPU shader compiler path used by Imagination Graphics DDK in various disclosures. The issue is described as an out-of-bounds write crash triggered by unusual GPU shader code, specifically when a web page contains shader input that is loaded into the GPU compiler process...

Imagination Graphics DDK security vulnerability

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from the reuse of memory allocated by the GPU shader compiler library after it has been released. This vulnerability could...

The vulnerability of the rgxfw_hwr_log_info() function in the Driver Development Kit (DDK) – a set of tools for developing graphics processor drivers – allows a hacker to compromise the integrity of protected information.

The vulnerability of the rgxfwhwrloginfo function in the Driver Development Kit DDK involves a pointer being moved beyond the allocated memory area when processing the psHWRInfoBuf parameter. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected...

The vulnerability of the rgxfw_pcset_ungrab() function in the Driver Development Kit (DDK) allows a hacker to trigger a service failure.

The vulnerability of the rgxfwpcsetungrab function in the Driver Development Kit DDK relates to a pointer shift beyond the allocated memory range when processing the psFWMemContext parameter. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the rgxfw_write_robustness_buffer() function in the Driver Development Kit (DDK) toolset allows a hacker to gain unauthorized access to protected information.

The vulnerability of the rgxfwwriterobustnessbuffer function in the Driver Development Kit DDK toolset is related to context privilege switching errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...