CVE-2026-22163 GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt t...

CVE-2026-21736

CVE-2026-21736 is a GPU DDK vulnerability where a non-privileged user can perform improper GPU system calls to gain write access to read-only wrapped user-mode memory. The enrichment notes an insufficient permission check in PhysmemWrapExtMem() when write attribute support is enabled; the root ca...

CVE-2025-58411 GPU DDK - Reservation::psMappedPMR can change while used by a freelist -> UAF

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potentia...

CVE-2025-8109 GPU DDK - GPU shader shared memory corrupted using ptrace to disrupt GPU operation

Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory...

CVE-2025-25180 GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

CVE-2025-25180

CVE-2025-25180 affects Imagination Technologies’ PowerVR-GPU driver. The issue arises from insufficient validation in RGXCREATEFREELIST, allowing an unprivileged user to trigger improper GPU system calls that can subvert GPU hardware and write to arbitrary physical memory pages. Under certain con...

CVE-2025-46708

CVE-2025-46708 affects Imagination Technologies PowerVR-GPU driver. The issue arises when software inside a Guest VM makes improper GPU system calls, delaying or blocking the GPU for other guests and preventing them from processing workloads. The vulnerability is described as enabling guest VMs t...

CVE-2025-25179 GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages...

CVE-2025-25179

CVE-2025-25179 is a local vulnerability in the Imagination Technologies PowerVR-GPU driver. A non-privileged user may issue improper GPU system calls that subvert GPU hardware and write to arbitrary physical memory pages. Reported base metrics indicate local access, low privileges required, and h...

CVE-2024-47893

CVE-2024-47893 is a vulnerability in kernel software in a guest VM that can read/write data outside the VM’s virtualised GPU memory by exploiting shared memory with the GPU firmware. Multiple connected sources (NVD, Red Hat, CVE listing, CNNVD) confirm the issue affects Imagination Technologies’ ...

CVE-2024-47893 GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups)

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory...

CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

CVE-2025-0467 GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory...

CVE-2025-25178 GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption...

CVE-2025-25178 GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption...

CVE-2025-0835 GPU DDK - _WrapExtMemReleasePages called twice if _FlushUMVirtualRange fails

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory...

CVE-2025-0835 GPU DDK - _WrapExtMemReleasePages called twice if _FlushUMVirtualRange fails

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory...

CVE-2025-0478 GPU DDK - PMMETA_PROTECT PMR can be exported as dma-buf file / GEM object

Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kerne...

CVE-2024-12837 GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory...