CVE-2026-45203
N/A
N/A
Summary
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel.
A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Imagination Technologies | Graphics DDK | 1.18 RTM2 | affected |
| Imagination Technologies | Graphics DDK | 23.2 RTM2 | affected |
| Imagination Technologies | Graphics DDK | 24.2 RTM2 | affected |
| Imagination Technologies | Graphics DDK | 25.1 RTM2 <= 25.3 RTM | affected |
| Imagination Technologies | Graphics DDK | 26.1 RTM1 | affected |
| Imagination Technologies | Graphics DDK | 26.1 RTM2 | unaffected |
Weaknesses
- CWE-367: CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (4.20)
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.