EUVD-2026-36630

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

CVE-2026-34195

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

CVE-2026-34195

Summary: CVE-2026-34195 describes a GPU DDK kernel heap OOB write caused by incorrect indexing of internal state during sparse allocation remapping, specifically involving PMRChangeSparseMemOSMem and physical page translation from virtual page indexes. This is triggered by non-privileged user act...

CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

PT-2026-49023

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Software installed and run as a non-privileged user may perform GPU system calls to write to arbitrary freed physical pages. This occurs because physical memory...

CVE-2026-34194

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

CVE-2026-22164

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

EUVD-2026-35082

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

CVE-2026-22164

Technical details are not publicly available in the provided documents. Monitor for future updates.

Imagination Graphics DDK 安全漏洞

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK. This vulnerability arises from improper GPU system calls when the software runs as a non-privileged user. This leads to errors in managing...

CVE-2026-22167

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

CVE-2026-10533 Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that...

CVE-2026-43361

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort when snapshotting received subvolumes Currently a user can trigger a transaction abort by snapshotting a previously received snapshot a bunch of times until we reach a BTRFSUUIDKEYRECEIVEDSUBVOL item...

CVE-2026-22167

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

CVE-2026-22167

CVE-2026-22167 concerns a GPU DDK vulnerability where cache-resident PM buffers can be written by other GPU requestors. The issue allows software running as a non-privileged user to issue improper GPU system calls, forcing the GPU to write to arbitrary physical memory pages. Under certain conditi...