CVE-2026-21732
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.
An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Imagination Technologies | Graphics DDK | 1.17 RTM | unaffected |
| Imagination Technologies | Graphics DDK | 1.18 RTM | unaffected |
| Imagination Technologies | Graphics DDK | 23.2 RTM | affected |
| Imagination Technologies | Graphics DDK | 24.1 RTM <= 25.1 RTM | affected |
| Imagination Technologies | Graphics DDK | 25.2 RTM | unaffected |
Weaknesses
- CWE-823: CWE-823: Use of Out-of-range Pointer Offset (4.16)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.