CVE-2026-21734: CWE-823: Use of Out-of-range Pointer Offset (4.16) in Imagination Technologies Graphics DDK
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write.
AI Analysis
Technical Summary
This vulnerability involves a use of out-of-range pointer offset (CWE-823) in the GPU shader compiler library of Imagination Technologies Graphics DDK. Specifically, unusual GPU shader code containing a very small value can cause an out-of-bounds write leading to a crash (segmentation fault) in the compiler process. The issue arises during the compilation of GPU shader code loaded from a web page. On certain platforms where the compiler process has system-level privileges, this could enable escalation of privileges or other exploits.
Potential Impact
The vulnerability can cause a crash of the GPU shader compiler process due to an out-of-bounds write. On platforms where the compiler process runs with system privileges, this crash could be exploited to achieve further compromise of the device. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been documented. Users should monitor for vendor updates and advisories from Imagination Technologies regarding this issue.
CVE-2026-21734: CWE-823: Use of Out-of-range Pointer Offset (4.16) in Imagination Technologies Graphics DDK
Description
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An edge case using a very small value in GPU shader code can cause a segmentation fault in the GPU shader compiler due to am out-of-bounds write.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a use of out-of-range pointer offset (CWE-823) in the GPU shader compiler library of Imagination Technologies Graphics DDK. Specifically, unusual GPU shader code containing a very small value can cause an out-of-bounds write leading to a crash (segmentation fault) in the compiler process. The issue arises during the compilation of GPU shader code loaded from a web page. On certain platforms where the compiler process has system-level privileges, this could enable escalation of privileges or other exploits.
Potential Impact
The vulnerability can cause a crash of the GPU shader compiler process due to an out-of-bounds write. On platforms where the compiler process runs with system privileges, this crash could be exploited to achieve further compromise of the device. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been documented. Users should monitor for vendor updates and advisories from Imagination Technologies regarding this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- imaginationtech
- Date Reserved
- 2026-01-05T11:57:27.258Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3ea39f6e08203f7db8ff87
Added to database: 06/26/2026, 16:06:55 UTC
Last enriched: 06/26/2026, 16:22:31 UTC
Last updated: 06/26/2026, 18:34:33 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.