CVE-2026-34193

Vulnerability

The vulnerability exists within the GPU driver's address translation logic, where improper command handling allows a Guest or Host VM kernel to trigger writes outside of the intended GPU memory boundaries. This flaw stems from a failure to correctly validate memory access requests before they are processed by the GPU firmware [1].

Exploitation

An attacker must have control over the Host or Guest kernel to issue malicious commands to the GPU firmware. By crafting specific, improper commands, the attacker can exploit the address translation logic to bypass memory isolation and perform unauthorized write operations to firmware-protected memory regions [1].

Impact

Successful exploitation of this vulnerability allows a compromised kernel to perform arbitrary writes to firmware memory. This can lead to a loss of integrity and confidentiality of the GPU firmware, potentially allowing an attacker to escalate privileges or gain control over secure GPU operations [1].

Mitigation

Not yet disclosed in the available references. Users are advised to monitor official Imagination Technologies security advisories for updates regarding the affected GPU DDK versions [1].