CVE-2026-21733

Summary

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files.

This is caused by improper handling of GPU memory reservation protections.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTMaffected
Imagination TechnologiesGraphics DDK23.2 RTMaffected
Imagination TechnologiesGraphics DDK24.1 RTM <= 24.2 RTMaffected
Imagination TechnologiesGraphics DDK25.1 RTM <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTMunaffected

Weaknesses

  • CWE-280: CWE-280: Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References