CVE-2026-45203

Summary

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel.

A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTM2affected
Imagination TechnologiesGraphics DDK23.2 RTM2affected
Imagination TechnologiesGraphics DDK24.2 RTM2affected
Imagination TechnologiesGraphics DDK25.1 RTM2 <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTM1affected
Imagination TechnologiesGraphics DDK26.1 RTM2unaffected

Weaknesses

  • CWE-367: CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (4.20)

References