CVE-2026-45196 PUBLISHED

GPU DDK - Arbitrary GPU register write in rgxfw_hwperf_hw due to unsanitized pointers from host kernel

Assigner: imaginationtech
Reserved: 11.05.2026 Published: 10.07.2026 Updated: 10.07.2026

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.

Product Status

Vendor Imagination Technologies
Product Graphics DDK
Versions Default: unknown
  • Version 1.18 RTM2 is affected
  • Version 23.2 RTM2 is affected
  • Version 24.2 RTM2 is affected
  • affected from 25.1 RTM2 to 25.3 RTM (incl.)
  • Version 26.1 RTM1 is affected
  • Version 26.1 RTM2 is unaffected

References

Problem Types

  • CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15) CWE

Impacts

  • CAPEC-480: Escaping Virtualization (Version 3.9)