Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Graphics DDK — Vulnerabilities & Security Advisories 66

All 66 CVE vulnerabilities found in Graphics DDK, with AI-generated Chinese analysis, references, and POCs.

This page catalogs Common Vulnerabilities and Exposures related to the Graphics Driver Development Kit product category. It aggregates security weakness data specifically targeting the software tools and libraries used by developers to create and optimize graphics drivers for various hardware platforms. The collection encompasses a wide range of vulnerability types, including buffer overflows, integer overflows, use-after-free errors, and race conditions that may arise in driver logic or memory management routines. The time range covered spans from 2010 to the present, providing a comprehensive historical view of security issues identified in this domain. Here, users can track vendor security advisories for major graphics hardware manufacturers and see how specific vendors have responded to disclosed issues over time. Readers can also gain a deeper understanding of common weakness classes frequently exploited in graphics subsystems, such as those defined by CWE categories. Additionally, the page allows for looking up a specific product’s vulnerability history, enabling developers and security analysts to assess the long-term security posture of different Graphics DDK versions. This resource serves as a reference for identifying patterns in defect introductions and remediation efforts, helping organizations prioritize patching and mitigation strategies for their graphics infrastructure.

Vendor: Imagination Technologies

CVE IDTitleCVSSSeverityPublished
CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink CWE-416--2026-06-12
CVE-2026-41157 GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D CWE-787--2026-06-12
CVE-2026-41155 GPU DDK - SharedSecMem mapped into all GPU virtual address spaces CWE-653--2026-06-12
CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes CWE-787--2026-06-12
CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count CWE-468--2026-06-08
CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical CWE-122--2026-06-08
CVE-2026-34193 GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr() CWE-823--2026-06-01
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable CWE-416 8.8 -2026-05-01
CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs CWE-416 8.8 -2026-05-01
CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory CWE-119 7.8 -2026-05-01
CVE-2026-21733 RESERVED 7.1AIHighAI2026-04-17
CVE-2026-22163 GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU CWE-820 8.4 -2026-03-20
CVE-2026-21732 GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation CWE-823 8.1 -2026-03-20
CVE-2026-21736 GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled CWE-280 7.1AIHighAI2026-03-09
CVE-2025-13952 GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP CWE-416 9.8 -2026-01-24
CVE-2025-10865 GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns CWE-416 7.8AIHighAI2026-01-13
CVE-2025-58411 GPU DDK - Reservation::psMappedPMR can change while used by a freelist -> UAF CWE-416 7.8AIHighAI2026-01-13
CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory CWE-119 7.8AIHighAI2026-01-13
CVE-2025-25176 GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world CWE-668 8.1AIHighAI2026-01-13
CVE-2025-58408 GPU DDK - KASAN Read UAF in the PVRSRVBridgeRGXSubmitTransfer2 due to improper error handling code CWE-416 5.5AIMediumAI2025-12-01
CVE-2025-58407 GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet CWE-367 7.8AIHighAI2025-11-17
CVE-2025-58410 GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR CWE-280 7.8AIHighAI2025-11-17
CVE-2025-46711 GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused CWE-476 5.5AIMediumAI2025-09-22
CVE-2025-25177 GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF CWE-416 7.8AIHighAI2025-09-22
CVE-2025-46709 GPU DDK - Security fix for PP-171570 can lead to an uninitialised pointer dereference and memory leak CWE-416 7.1 -2025-08-08
CVE-2025-6573 GPU DDK - RGXFW_CTL.pui8FWScratchBuf Leak/Overwrite CWE-280 5.5 -2025-08-08
CVE-2025-8109 GPU DDK - GPU shader shared memory corrupted using ptrace to disrupt GPU operation CWE-280 7.1AIHighAI2025-08-04
CVE-2025-25180 GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist CWE-823 5.5AIMediumAI2025-07-14
CVE-2025-46708 GPU DDK - Guest VM can delay the FW and GPU from processing workloads from other VMs CWE-280 5.5AIMediumAI2025-06-27
CVE-2025-46707 GPU DDK - Guest VM can override its own FW VZ connection state after the FW has close it CWE-668 7.8AIHighAI2025-06-27

All 66 known CVE vulnerabilities affecting Graphics DDK with full Chinese analysis, references, and POCs where available.