CVE-2026-34193

MEDIUM 4.3

GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.

CWE	CWE-823
Vendor	imagination technologies
Product	graphics ddk
Published	Jun 1, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for imagination technologies graphics ddk

Be the first to know when new medium vulnerabilities affecting imagination technologies graphics ddk are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Imagination Technologies / Graphics DDK

1.18 RTM 23.2 RTM 24.2 RTM 25.1 RTM ≤ 25.3 RTM 26.1 RTM1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

imaginationtech.com: https://www.imaginationtech.com/gpu-driver-vulnerabilities/