VYPR
← All advisories
High severity7.8NVD Advisory· Published May 1, 2026· Updated May 6, 2026

CVE-2026-22167

CVE-2026-22167

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages.

Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.

This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Imagination GPU driver allows non-privileged users to force arbitrary physical memory writes via improper GPU system calls, enabling kernel memory corruption.

Vulnerability

Details The vulnerability in Imagination Technologies GPU driver stems from improper validation of GPU system calls made by non-privileged user-space software. Specifically, the driver fails to restrict GPU write operations to only allocated memory regions, allowing the GPU to write to arbitrary physical memory pages. This includes memory not allocated by the GPU driver, such as kernel memory and pages used by other drivers. [1]

Exploitation

An attacker with local access to a system running an affected Imagination GPU driver can exploit this by running specially crafted software that issues improper GPU system calls. No special privileges are required beyond the ability to execute user-space code. The GPU then performs unauthorized writes to physical memory, bypassing standard memory protection mechanisms.

Impact

Successful exploitation allows the attacker to corrupt data pages in use by the kernel and other drivers, potentially altering system behavior, leading to privilege escalation, denial of service, or information disclosure. The attack can also affect restricted internal GPU buffers, causing secondary corruption.

Mitigation

Imagination has addressed this vulnerability in a driver update. Users should apply the latest GPU driver version from the vendor to mitigate the risk. The vulnerability is considered high severity (CVSS 7.8). [1]

References
  1. Imagination GPU Driver Vulnerabilities - Imagination

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.