CVE-2026-22167

7.8 HIGH

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical mem...

Published: 2026-05-01 · Last updated: 2026-06-01

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119

Affected products

Vendor	Product
imaginationtech	ddk

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-22167
[Vendor advisory]https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Related CVEs

Same vendor

CVE-2026-22166 — A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES u... (8.1 HIGH)
CVE-2026-22165 — A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES... (8.1 HIGH)

Same CWE

CVE-2026-12330 — Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
CVE-2026-12329 — Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
CVE-2026-12327 — Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (7.3 HIGH)
CVE-2026-12326 — Memory safety bugs present in Firefox 151 and Thunderbird 151 (7.3 HIGH)
CVE-2026-12318 — Incorrect boundary conditions in the Libraries component in NSS (7.3 HIGH)