{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21736", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2026-01-05T11:57:27.258Z", "datePublished": "2026-03-09T12:23:38.659Z", "dateUpdated": "2026-03-09T16:06:41.667Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-03-09T12:23:38.659Z"}, "title": "GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-280", "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-679", "descriptions": [{"lang": "en", "value": "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "platforms": ["Linux", "Android"], "versions": [{"status": "affected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.1 RTM", "lessThanOrEqual": "25.1 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "25.2 RTM", "lessThanOrEqual": "25.3 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "26.1 RTM", "versionType": "custom"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.\n\nThis is caused by improper handling of the memory\u00a0protections\u00a0for the user-mode wrapped memory resource.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.</p><p>This is caused by improper handling of the memory&nbsp;protections&nbsp;for the user-mode wrapped memory resource.</p>"}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T16:06:38.819665Z", "id": "CVE-2026-21736", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T16:06:41.667Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-21736", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T16:06:38.819665Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T16:06:31.993Z"}}], "cna": {"title": "GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-679", "descriptions": [{"lang": "en", "value": "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "affected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.1 RTM", "versionType": "custom", "lessThanOrEqual": "25.1 RTM"}, {"status": "unaffected", "version": "25.2 RTM", "versionType": "custom", "lessThanOrEqual": "25.3 RTM"}, {"status": "unaffected", "version": "26.1 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.\n\nThis is caused by improper handling of the memory\u00a0protections\u00a0for the user-mode wrapped memory resource.", "supportingMedia": [{"type": "text/html", "value": "<p>Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.</p><p>This is caused by improper handling of the memory&nbsp;protections&nbsp;for the user-mode wrapped memory resource.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-280", "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-03-09T12:23:38.659Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21736", "state": "PUBLISHED", "dateUpdated": "2026-03-09T16:06:41.667Z", "dateReserved": "2026-01-05T11:57:27.258Z", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "datePublished": "2026-03-09T12:23:38.659Z", "assignerShortName": "imaginationtech"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imaginationtech:ddk:25.1:-:*:*:*:*:*:*", "matchCriteriaId": "27FDCFEF-64B2-4CE6-A22A-B87A827E288F", "vulnerable": true}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:25.1:rtm2:*:*:*:*:*:*", "matchCriteriaId": "3421036F-348E-4FC2-9D25-E45C3463B23B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.\n\nThis is caused by improper handling of the memory\u00a0protections\u00a0for the user-mode wrapped memory resource."}, {"lang": "es", "value": "Software instalado y ejecutado como un usuario no privilegiado puede realizar llamadas al sistema de GPU impropias para obtener permiso de escritura a memoria de modo de usuario encapsulada de solo lectura.\n\nEsto es causado por el manejo impropio de las protecciones de memoria para el recurso de memoria encapsulada de modo de usuario."}], "id": "CVE-2026-21736", "lastModified": "2026-03-10T18:46:06.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-09T13:15:56.120", "references": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "tags": ["Vendor Advisory"], "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-280"}], "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "1.17 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "1.18 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "23.2 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.1 RTM,25.1 RTM]"}}, {"platform": ["linux", "android"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[25.2 RTM,25.3 RTM]"}}, {"platform": ["linux", "android"], "status": "unaffected", "versions": {"scheme": "generic", "value": "26.1 RTM"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Graphics DDK", "source": "cna", "vendor": "Imagination Technologies"}, "product": "graphics_ddk", "vendor": "imaginationtech"}], "analysis": {"en": {"generated_at": "2026-04-16T10:15:02.437104+00:00", "value": {"mitigation_remediation": ["Update the Imagination Technologies Graphics DDK to a version that includes the memory protection fix, ensuring the PhysmemWrapExtMem permission checks are corrected.", "If an updated DDK is unavailable, disable write attribute support in the GPU driver configuration to eliminate the write permission escalation path.", "Enforce stricter kernel\u2011level authorization for GPU system calls, restricting memory wrapping operations to privileged processes only."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation via GPU Memory Write"}, "threat_synthesis": {"affected_systems": "Systems that run Imagination Technologies Graphics DDK version\u202f25.1\u2014including the RTM2 runtime\u2014are affected when the driver is compiled or configured with write attribute support enabled. Any host that installs this DDK and allows non\u2011privileged users to issue GPU commands may be impacted; no other products or vendors are listed in the available data.", "description_and_impact": "The GPU driver for Imagination Technologies contains an insufficient permission check in the PhysmemWrapExtMem function that allows any non\u2011privileged user to perform GPU system calls with write attribute support enabled. This flaw permits the attacker to gain write access to memory that should be read\u2011only, effectively bypassing the driver\u2019s memory protection safeguards. The vulnerability represents an Improper Access Control issue (CWE\u2011280) and can be used to modify memory used by other processes, allowing local privilege escalation or unauthorized data manipulation.", "risk_and_exploitability": "The CVSS base score of 4.4 indicates a moderate severity, while the EPSS score below 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog, and public exploits are not documented. Exploitation would require a local user with the ability to run GPU workloads, making the attack vector local. Given these conditions, the overall risk is moderate, but can be mitigated by applying vendor patches or disabling the write attribute feature."}}}}, "created": "2026-03-10T14:07:25.100799+00:00", "updated": "2026-04-16T10:15:26.116891+00:00", "vendors": ["imaginationtech", "imaginationtech$PRODUCT$graphics_ddk"]}