CVE-2026-7639

Summary

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.

Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTM2affected
Imagination TechnologiesGraphics DDK23.2 RTM2affected
Imagination TechnologiesGraphics DDK24.2 RTM2affected
Imagination TechnologiesGraphics DDK25.1 RTM2 <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTM1affected
Imagination TechnologiesGraphics DDK26.1 RTM2unaffected

Weaknesses

  • CWE-459: CWE-459: Incomplete Cleanup

References