CVE-2026-7639 (GCVE-0-2026-7639)
Vulnerability from cvelistv5 – Published: 2026-07-10 20:50 – Updated: 2026-07-10 20:50
VLAI
EPSS
VEX
Title
GPU DDK - Page UAF read in PMMETA_PROTECT heap memory
Summary
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.
Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.
Severity
No CVSS data available.
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Affected:
1.18 RTM2
(custom)
Affected: 23.2 RTM2 (custom) Affected: 24.2 RTM2 (custom) Affected: 25.1 RTM2 , ≤ 25.3 RTM (custom) Affected: 26.1 RTM1 (custom) Unaffected: 26.1 RTM2 (custom) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Linux",
"Android"
],
"product": "Graphics DDK",
"vendor": "Imagination Technologies",
"versions": [
{
"status": "affected",
"version": "1.18 RTM2",
"versionType": "custom"
},
{
"status": "affected",
"version": "23.2 RTM2",
"versionType": "custom"
},
{
"status": "affected",
"version": "24.2 RTM2",
"versionType": "custom"
},
{
"lessThanOrEqual": "25.3 RTM",
"status": "affected",
"version": "25.1 RTM2",
"versionType": "custom"
},
{
"status": "affected",
"version": "26.1 RTM1",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "26.1 RTM2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSoftware installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.\u003c/p\u003e\u003cp\u003eTriggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.\u003c/p\u003e"
}
],
"value": "Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.\n\n\n\nTriggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554: Functionality Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459: Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T20:50:27.730Z",
"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"shortName": "imaginationtech"
},
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GPU DDK - Page UAF read in PMMETA_PROTECT heap memory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"assignerShortName": "imaginationtech",
"cveId": "CVE-2026-7639",
"datePublished": "2026-07-10T20:50:27.730Z",
"dateReserved": "2026-05-01T16:03:30.275Z",
"dateUpdated": "2026-07-10T20:50:27.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-7639\",\"sourceIdentifier\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"published\":\"2026-07-10T21:17:00.637\",\"lastModified\":\"2026-07-10T21:17:00.637\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.\\n\\n\\n\\nTriggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.\"}],\"affected\":[{\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"affectedData\":[{\"vendor\":\"Imagination Technologies\",\"product\":\"Graphics DDK\",\"defaultStatus\":\"unknown\",\"platforms\":[\"Linux\",\"Android\"],\"versions\":[{\"version\":\"1.18 RTM2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"23.2 RTM2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"24.2 RTM2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"25.1 RTM2\",\"lessThanOrEqual\":\"25.3 RTM\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"26.1 RTM1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"26.1 RTM2\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]}]}],\"metrics\":{},\"weaknesses\":[{\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-459\"}]}],\"references\":[{\"url\":\"https://www.imaginationtech.com/gpu-driver-vulnerabilities/\",\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…