CVE-2026-34195 PUBLISHED

GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Assigner: imaginationtech
Reserved: 26.03.2026 Published: 12.06.2026 Updated: 12.06.2026

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel.

The product incorrectly indexes internal state when performing sparse allocation remapping.

Product Status

Vendor Imagination Technologies
Product Graphics DDK
Versions Default: unknown
  • Version 1.18 RTM is unaffected
  • Version 23.2 RTM is unaffected
  • Version 24.2 RTM is affected
  • affected from 25.1 RTM to 25.3 RTM (incl.)
  • Version 26.1 RTM is unaffected
  • Version 26.2 RTM is unaffected

References

Problem Types

  • CWE-787: Out-of-bounds Write CWE

Impacts

  • CAPEC-8: Buffer Overflow in an API Call