CVE-2026-22164

Summary

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTMunaffected
Imagination TechnologiesGraphics DDK23.2 RTMunaffected
Imagination TechnologiesGraphics DDK24.2 RTMaffected
Imagination TechnologiesGraphics DDK25.1 RTM <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTMaffected

Weaknesses

  • CWE-122: CWE-122: Heap-based Buffer Overflow (4.16)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References