๐Ÿ” CVE Alert

CVE-2026-45203

HIGH 7.8

GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU

CVSS Score
7.8
EPSS Score
0.1%
EPSS Percentile
2th

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.

CWE CWE-367
Vendor imagination technologies
Product graphics ddk
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for imagination technologies graphics ddk

Be the first to know when new high vulnerabilities affecting imagination technologies graphics ddk are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Imagination Technologies / Graphics DDK
1.18 RTM2 23.2 RTM2 24.2 RTM2 25.1 RTM2 โ‰ค 25.3 RTM 26.1 RTM1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
imaginationtech.com: https://www.imaginationtech.com/gpu-driver-vulnerabilities/