CVE-2026-45203
GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU
CVSS Score
7.8
EPSS Score
0.1%
EPSS Percentile
2th
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.
| CWE | CWE-367 |
| Vendor | imagination technologies |
| Product | graphics ddk |
| Published | Jul 10, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for imagination technologies graphics ddk
Be the first to know when new high vulnerabilities affecting imagination technologies graphics ddk are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Imagination Technologies / Graphics DDK
1.18 RTM2 23.2 RTM2 24.2 RTM2 25.1 RTM2 โค 25.3 RTM 26.1 RTM1