22 matches found
CVE-2023-4969
CVE-2023-4969 describes a vulnerability where a GPU kernel can read sensitive data from another GPU kernel through the local memory region across various architectures. The issue is a confidentiality exposure (HIGH) with LOCAL access and LOW attack complexity; no user interaction is required. The...
CVE-2025-0467
CVE-2025-0467 affects Imagination Technologies PowerVR-GPU kernel code used inside a guest VM. The vulnerability arises when memory shared with the GPU firmware can be abused by the guest to write data outside the virtualized GPU memory, potentially impacting data integrity and isolation between ...
CVE-2025-25179
CVE-2025-25179 is a local vulnerability in the Imagination Technologies PowerVR-GPU driver. A non-privileged user may issue improper GPU system calls that subvert GPU hardware and write to arbitrary physical memory pages. Reported base metrics indicate local access, low privileges required, and h...
CVE-2025-46710
CVE-2025-46710 is tied to Imagination Technologies’ PowerVR-GPU driver. The issue arises from reusing kernel heap data after it has been freed, which can lead to kernel exceptions. Affected component: Imagination GPU Driver (PowerVR-GPU). Impact described in sources: potential kernel-level instab...
CVE-2025-46707
CVE-2025-46707 concerns Imagination Technologies graphics stack (PowerVR-GPU) where software in a Guest VM can override the firmware state and gain access to the GPU. The base CVSS shows it is a local issue with low privileges and no user interaction, scoped to change in confidentiality/integrity...
CVE-2025-46708
CVE-2025-46708 affects Imagination Technologies PowerVR-GPU driver. The issue arises when software inside a Guest VM makes improper GPU system calls, delaying or blocking the GPU for other guests and preventing them from processing workloads. The vulnerability is described as enabling guest VMs t...
CVE-2025-46709
CVE-2025-46709 describes a vulnerability in Imagination Technologies (Graphics DDK) related to memory handling in kernel space: reading kernel heap data after it has been freed or dereferencing a NULL pointer, causing a potential memory leak and kernel exceptions. The public records consistently ...
CVE-2025-13952
CVE-2025-13952 involves the GPU shader compiler library: loading a web page containing unusual GPU shader code can trigger a write-use-after-free crash in the GPU shader compiler, via a path that retains a freed memory pointer. Affected component is the GPU shader compiler library; specific produ...
CVE-2025-46711
CVE-2025-46711 affects Imagination Technologies PowerVR-GPU via the GPU DDK. The issue arises from improper GPU system calls that can trigger a NULL pointer dereference in the kernel when used by software running with non-privileged permissions, leading to potential kernel crashes (DoS). CVSS ind...
CVE-2025-58410
CVE-2025-58410 concerns Imagination Technologies PowerVR-GPU drivers. The root cause is improper handling of memory protections for a buffer resource, enabling a non-privileged process to perform improper GPU system calls that could grant write access to buffers exported as read-only via dma_buf ...
CVE-2026-22165
CVE-2026-22165 involves a flaw in a GPU DDK where a web page serving unusual WebGPU content loaded into the GPU GLES render process can trigger a write UAF in the GPU GLES user-space shared library. The root cause is described as UAF reads of GLES3Context::psDrawParams and GLES3Context::psMode an...
CVE-2026-22166
CVE-2026-22166 pertains to GPU DDK components where a web page sending anomalous WebGPU content into the GPU GLES render process can trigger a write UAF crash in the GPU GLES user-space shared library (KEGLGetPoolBuffers). The exposed root cause is a write-after-free condition in KEGLGetPoolBuffe...
CVE-2025-10865
CVE-2025-10865 affects the Imagination Graphics DDK (GPU driver) where DevmemIntGetReservationData does not properly ref the PMR, leading to improper reference counting and a potential use-after-free vulnerability. The issue is described as arising when unprivileged users run GPU system calls, wi...
CVE-2025-58407
CVE-2025-58407 concerns Imagination Technologies GPU DDK/driver software used in a Guest VM. The vulnerability is a TOCTOU race in the GPU firmware interaction (psFWMemContext->uiPageCatBaseRegSet) that could allow reading and/or writing data outside the allotted memory, enabling escape from t...
CVE-2025-25176
The CVE-2025-25176 entry pertains to Imagination Graphics DDK GPU driver vulnerabilities; described issue is exfiltration of intermediate register values from secure workloads into non-secure world when scheduled by applications in the non-secure environment. Affected component: GPU driver/SDK (I...
CVE-2025-58408
CVE-2025-58408 affects Imagination GPU DDK components (PVRSRVBridgeRGXSubmitTransfer2) with a Use-After-Free due to improper error handling in GPU system calls. The flaw allows reads of stale data when a non-privileged user triggers GPU calls, risking kernel exceptions and potential resource dest...
CVE-2026-21736
CVE-2026-21736 concerns the GPU DDK: it reports an insufficient permission check in PhysmemWrapExtMem() when write attribute support is enabled. The underlying issue is improper handling of memory protections for the user-mode wrapped memory resource, allowing a non-privileged user to conduct imp...
CVE-2026-22167
CVE-2026-22167 concerns a GPU DDK vulnerability where cache-resident PM buffers can be written by other GPU requestors. The issue allows software running as a non-privileged user to issue improper GPU system calls, forcing the GPU to write to arbitrary physical memory pages. Under certain conditi...
CVE-2025-58409
CVE-2025-58409 is a GPU driver vulnerability affecting Imagination Technologies’ GPU driver/Imagination Graphics DDK. The issue arises when an unprivileged user performs improper GPU system calls, subverting GPU hardware to write to arbitrary physical memory pages. Under certain conditions this c...
CVE-2025-58411
CVE-2025-58411 affects Imagination Graphics DDK (GPU driver) where a non-privileged user can trigger improper GPU system calls, leading to mismanagement of resource reference counts and a potential write use-after-free. Root cause: improper resource management and reference counting on an interna...
CVE-2026-21732
The CVE-2026-21732 issue affects the GPU shader compiler library (WebGPU shader compilation path) where loading unusual shader code can trigger an out-of-bounds write, causing a crash. An edge case with very large switch values can cause a segmentation fault via OOB access during conversion in th...
CVE-2026-22163
CVE-2026-22163 concerns GPU DDK kernel IOCTL misuse enabling writes to arbitrary physical memory pages via an unsafely accessed shared resource; impact described as unsafe writes to MMU Page Table entries on systems with 32-bit host CPUs. Root cause: lack of synchronization for a concurrent resou...