CVE-2026-7639 PUBLISHED

GPU DDK - Page UAF read in PMMETA_PROTECT heap memory

Assigner: imaginationtech
Reserved: 01.05.2026 Published: 10.07.2026 Updated: 10.07.2026

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.

Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.

Product Status

Vendor Imagination Technologies
Product Graphics DDK
Versions Default: unknown
  • Version 1.18 RTM2 is affected
  • Version 23.2 RTM2 is affected
  • Version 24.2 RTM2 is affected
  • affected from 25.1 RTM2 to 25.3 RTM (incl.)
  • Version 26.1 RTM1 is affected
  • Version 26.1 RTM2 is unaffected

References

Problem Types

  • CWE-459: Incomplete Cleanup CWE

Impacts

  • CAPEC-554: Functionality Bypass