CVE-2026-22165

Summary

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the device.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTMaffected
Imagination TechnologiesGraphics DDK23.2 RTMaffected
Imagination TechnologiesGraphics DDK24.1 RTM <= 24.2 RTMaffected
Imagination TechnologiesGraphics DDK25.1 RTM <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTMunaffected

Weaknesses

  • CWE-416: CWE-416: Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References