{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22163", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2026-01-06T15:50:36.204Z", "datePublished": "2026-03-20T22:52:43.831Z", "dateUpdated": "2026-03-23T14:59:27.041Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-03-20T22:52:43.831Z"}, "title": "GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-820", "description": "CWE-820: Missing Synchronization (4.19)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124: Shared Resource Manipulation (Version 3.9)"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "platforms": ["Linux", "Android"], "versions": [{"status": "affected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.1 RTM", "lessThanOrEqual": "24.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "25.1 RTM", "lessThanOrEqual": "25.3 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "26.1 RTM", "versionType": "custom"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Requires malware code to misuse the DDK kernel module IOCTL interface.\n\nSuch code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.\n\nThe product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Requires malware code to misuse the DDK kernel module IOCTL interface.</p><p>Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.</p><p>The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.</p>"}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:57:03.473658Z", "id": "CVE-2026-22163", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:59:27.041Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-22163", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T14:57:03.473658Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:56:10.816Z"}}], "cna": {"title": "GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124: Shared Resource Manipulation (Version 3.9)"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "affected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.1 RTM", "versionType": "custom", "lessThanOrEqual": "24.2 RTM"}, {"status": "affected", "version": "25.1 RTM", "versionType": "custom", "lessThanOrEqual": "25.3 RTM"}, {"status": "unaffected", "version": "26.1 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Requires malware code to misuse the DDK kernel module IOCTL interface.\n\nSuch code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.\n\nThe product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.", "supportingMedia": [{"type": "text/html", "value": "<p>Requires malware code to misuse the DDK kernel module IOCTL interface.</p><p>Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.</p><p>The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-820", "description": "CWE-820: Missing Synchronization (4.19)"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-03-20T22:52:43.831Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22163", "state": "PUBLISHED", "dateUpdated": "2026-03-23T14:59:27.041Z", "dateReserved": "2026-01-06T15:50:36.204Z", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "datePublished": "2026-03-20T22:52:43.831Z", "assignerShortName": "imaginationtech"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*", "matchCriteriaId": "353FDA3E-D8FC-4482-82E9-E86AD9455FB8", "versionEndIncluding": "25.3", "versionStartIncluding": "25.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "1C2A0AE6-35B7-4221-8E49-6CF3AD9B3927", "vulnerable": true}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "822E865A-168C-4F82-95C7-B1752575C175", "vulnerable": true}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:23.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F512C3D-CF11-492B-8CAB-CF51965F4250", "vulnerable": true}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C31AED8-475E-464F-856B-9F5760CEBDF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:24.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C9CC454-864E-46E5-AD29-E81F8290EDEC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Requires malware code to misuse the DDK kernel module IOCTL interface.\n\nSuch code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.\n\nThe product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource."}, {"lang": "es", "value": "Requiere que el c\u00f3digo de malware haga un uso indebido de la interfaz IOCTL del m\u00f3dulo kernel DDK.\n\nDicho c\u00f3digo puede usar la interfaz de una manera no soportada que permite la subversi\u00f3n de la GPU para realizar escrituras en p\u00e1ginas de memoria f\u00edsica arbitrarias.\n\nEl producto utiliza un recurso compartido de manera concurrente, pero no intenta sincronizar el acceso al recurso."}], "id": "CVE-2026-22163", "lastModified": "2026-04-21T16:53:35.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T23:16:42.640", "references": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "tags": ["Vendor Advisory"], "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-820"}], "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "1.17 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "1.18 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "23.2 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.1 RTM,24.2 RTM]"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.1 RTM,25.3 RTM]"}}, {"platform": ["linux", "android"], "status": "unaffected", "versions": {"scheme": "generic", "value": "26.1 RTM"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Graphics DDK", "source": "cna", "vendor": "Imagination Technologies"}, "product": "graphics_ddk", "vendor": "imaginationtech"}], "analysis": {"en": {"generated_at": "2026-03-23T16:24:56.182452+00:00", "value": {"mitigation_remediation": ["Check Imagination Technologies for a vendor patch or update for the Graphics DDK", "Apply the updated patch if available", "If no patch is available, restrict access to the DDK kernel module IOCTL interface and run GPU drivers with the least privilege necessary", "Monitor system logs for suspicious IOCTL activity and consider disabling or blocking the interface if feasible"], "summary": {"action": "Immediate Patch", "impact": "Remote code execution through arbitrary physical memory writes via DDK IOCTL misuse"}, "threat_synthesis": {"affected_systems": "Imagination Technologies Graphics DDK is affected. No specific version information is provided in the data, so any installation of the product that includes the DDK kernel module is potentially vulnerable.", "description_and_impact": "The vulnerability allows malware to misuse the Graphics DDK kernel module IOCTL interface to perform writes to arbitrary physical memory pages, thereby subverting the GPU's behavior. This unsynchronised concurrent access to a shared resource creates a race condition that can be exploited to trigger write operations outside the intended memory boundaries. The result is the potential for arbitrary code execution or other malicious actions on the host system.", "risk_and_exploitability": "With a CVSS score of 7.8 the vulnerability is considered high severity, but the EPSS score is less than 1%, indicating a low likelihood of active exploitation currently. The vulnerability is not listed in the CISA KEV catalog. Attackers need to deliver code that can call the unsupported IOCTL, typically requiring local or privileged access to the host system. If successful, the exploit can read or write arbitrary kernel memory, enabling attackers to compromise confidentiality, integrity, or availability of the affected system."}}}}, "created": "2026-03-23T09:52:10.052927+00:00", "updated": "2026-03-25T14:34:01.845777+00:00", "vendors": ["imaginationtech", "imaginationtech$PRODUCT$graphics_ddk"]}