Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Imagination Technologies — Vulnerabilities & Security Advisories 68

Browse all 68 CVE security advisories affecting Imagination Technologies. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Imagination Technologies specializes in graphics processing units and multimedia technologies, primarily supplying intellectual property licenses to semiconductor manufacturers for embedded systems and mobile devices. With fifty-nine recorded Common Vulnerabilities and Exposures, the company’s historical attack surface has predominantly featured remote code execution and buffer overflow flaws within its proprietary middleware and driver software. These vulnerabilities often stem from insufficient input validation in image processing pipelines, allowing attackers to escalate privileges or execute arbitrary code on affected endpoints. While no single catastrophic breach has defined the firm’s public security narrative, the cumulative impact of these CVEs highlights risks in its embedded software stack. Security assessments indicate that many issues were resolved through routine firmware updates, yet the persistent presence of memory corruption bugs suggests ongoing challenges in securing complex, low-level hardware abstractions used across diverse consumer electronics.

Top products by Imagination Technologies: Graphics DDK
CVE IDTitleCVSSSeverityPublished
CVE-2026-41156 GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference — Graphics DDKCWE-416--2026-06-19
CVE-2026-34192 GPU DDK - _MMU_AllocLevel error recovery paths leave dangling page table entries — Graphics DDKCWE-416--2026-06-19
CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink — Graphics DDKCWE-416--2026-06-12
CVE-2026-41157 GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D — Graphics DDKCWE-787--2026-06-12
CVE-2026-41155 GPU DDK - SharedSecMem mapped into all GPU virtual address spaces — Graphics DDKCWE-653--2026-06-12
CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes — Graphics DDKCWE-787--2026-06-12
CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count — Graphics DDKCWE-468--2026-06-08
CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical — Graphics DDKCWE-122--2026-06-08
CVE-2026-34193 GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr() — Graphics DDKCWE-823--2026-06-01
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable — Graphics DDKCWE-416 8.8 -2026-05-01
CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs — Graphics DDKCWE-416 8.8 -2026-05-01
CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory — Graphics DDKCWE-119 7.8 -2026-05-01
CVE-2026-21733 RESERVED — Graphics DDK 7.1AIHighAI2026-04-17
CVE-2026-22163 GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU — Graphics DDKCWE-820 8.4 -2026-03-20
CVE-2026-21732 GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation — Graphics DDKCWE-823 8.1 -2026-03-20
CVE-2026-21736 GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled — Graphics DDKCWE-280 7.1AIHighAI2026-03-09
CVE-2025-13952 GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP — Graphics DDKCWE-416 9.8 -2026-01-24
CVE-2025-10865 GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns — Graphics DDKCWE-416 7.8AIHighAI2026-01-13
CVE-2025-58411 GPU DDK - Reservation::psMappedPMR can change while used by a freelist -> UAF — Graphics DDKCWE-416 7.8AIHighAI2026-01-13
CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory — Graphics DDKCWE-119 7.8AIHighAI2026-01-13
CVE-2025-25176 GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world — Graphics DDKCWE-668 8.1AIHighAI2026-01-13
CVE-2025-58408 GPU DDK - KASAN Read UAF in the PVRSRVBridgeRGXSubmitTransfer2 due to improper error handling code — Graphics DDKCWE-416 5.5AIMediumAI2025-12-01
CVE-2025-58407 GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet — Graphics DDKCWE-367 7.8AIHighAI2025-11-17
CVE-2025-58410 GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR — Graphics DDKCWE-280 7.8AIHighAI2025-11-17
CVE-2025-46711 GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused — Graphics DDKCWE-476 5.5AIMediumAI2025-09-22
CVE-2025-25177 GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF — Graphics DDKCWE-416 7.8AIHighAI2025-09-22
CVE-2025-46709 GPU DDK - Security fix for PP-171570 can lead to an uninitialised pointer dereference and memory leak — Graphics DDKCWE-416 7.1 -2025-08-08
CVE-2025-6573 GPU DDK - RGXFW_CTL.pui8FWScratchBuf Leak/Overwrite — Graphics DDKCWE-280 5.5 -2025-08-08
CVE-2025-8109 GPU DDK - GPU shader shared memory corrupted using ptrace to disrupt GPU operation — Graphics DDKCWE-280 7.1AIHighAI2025-08-04
CVE-2025-25180 GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist — Graphics DDKCWE-823 5.5AIMediumAI2025-07-14

This page lists every published CVE security advisory associated with Imagination Technologies. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.