CVE-2026-45196 (GCVE-0-2026-45196)
Vulnerability from cvelistv5 – Published: 2026-07-10 20:53 – Updated: 2026-07-10 20:53
VLAI
EPSS
VEX
Title
GPU DDK - Arbitrary GPU register write in rgxfw_hwperf_hw due to unsanitized pointers from host kernel
Summary
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.
Severity
No CVSS data available.
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges (4.15)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Affected:
1.18 RTM2
(custom)
Affected: 23.2 RTM2 (custom) Affected: 24.2 RTM2 (custom) Affected: 25.1 RTM2 , ≤ 25.3 RTM (custom) Affected: 26.1 RTM1 (custom) Unaffected: 26.1 RTM2 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"status": "affected",
"version": "1.18 RTM2",
"versionType": "custom"
},
{
"status": "affected",
"version": "23.2 RTM2",
"versionType": "custom"
},
{
"status": "affected",
"version": "24.2 RTM2",
"versionType": "custom"
},
{
"lessThanOrEqual": "25.3 RTM",
"status": "affected",
"version": "25.1 RTM2",
"versionType": "custom"
},
{
"status": "affected",
"version": "26.1 RTM1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "26.1 RTM2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.\u003c/p\u003e"
}
],
"value": "Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-480: Escaping Virtualization (Version 3.9)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T20:53:50.761Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - Arbitrary GPU register write in rgxfw_hwperf_hw due to unsanitized pointers from host kernel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2026-45196",
"datePublished": "2026-07-10T20:53:50.761Z",
"dateReserved": "2026-05-11T10:58:04.162Z",
"dateUpdated": "2026-07-10T20:53:50.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-45196\",\"sourceIdentifier\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"published\":\"2026-07-10T21:16:54.657\",\"lastModified\":\"2026-07-10T21:16:54.657\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.\"}],\"affected\":[{\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"affectedData\":[{\"vendor\":\"Imagination Technologies\",\"product\":\"Graphics DDK\",\"defaultStatus\":\"unknown\",\"platforms\":[\"Linux\",\"Android\"],\"versions\":[{\"version\":\"1.18 RTM2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"23.2 RTM2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"24.2 RTM2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"25.1 RTM2\",\"lessThanOrEqual\":\"25.3 RTM\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"26.1 RTM1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"26.1 RTM2\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"weaknesses\":[{\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-280\"}]}],\"references\":[{\"url\":\"https://www.imaginationtech.com/gpu-driver-vulnerabilities/\",\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…