CVE-2026-34192

Summary

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables.

The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not cleanup properly before freeing the physical allocation.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTMaffected
Imagination TechnologiesGraphics DDK23.2 RTMaffected
Imagination TechnologiesGraphics DDK24.2 RTMaffected
Imagination TechnologiesGraphics DDK25.1 RTM <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTMunaffected

Weaknesses

  • CWE-416: CWE-416: Use After Free (4.15)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References