CVE-2026-22166: CWE-416: Use After Free in Imagination Technologies Graphics DDK
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.
AI Analysis
Technical Summary
This vulnerability involves a use-after-free condition in the GPU GLES user-space shared library of Imagination Technologies Graphics DDK. It is triggered by specific WebGPU content loaded into the GPU GLES render process, leading to a write use-after-free crash. The issue affects multiple released versions of the Graphics DDK. The vulnerability could be leveraged for further exploitation on systems where the graphics workload process has system-level privileges. No CVSS score or vendor advisory with remediation details is currently available.
Potential Impact
The vulnerability can cause a write use-after-free crash in the GPU GLES user-space shared library, potentially leading to system instability or crashes. On platforms where the affected process has system privileges, this could enable subsequent exploitation, increasing the risk of privilege escalation or arbitrary code execution. However, no known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from Imagination Technologies. No specific mitigations or workarounds are documented at this time.
CVE-2026-22166: CWE-416: Use After Free in Imagination Technologies Graphics DDK
Description
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a use-after-free condition in the GPU GLES user-space shared library of Imagination Technologies Graphics DDK. It is triggered by specific WebGPU content loaded into the GPU GLES render process, leading to a write use-after-free crash. The issue affects multiple released versions of the Graphics DDK. The vulnerability could be leveraged for further exploitation on systems where the graphics workload process has system-level privileges. No CVSS score or vendor advisory with remediation details is currently available.
Potential Impact
The vulnerability can cause a write use-after-free crash in the GPU GLES user-space shared library, potentially leading to system instability or crashes. On platforms where the affected process has system privileges, this could enable subsequent exploitation, increasing the risk of privilege escalation or arbitrary code execution. However, no known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from Imagination Technologies. No specific mitigations or workarounds are documented at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- imaginationtech
- Date Reserved
- 2026-01-06T15:50:36.205Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4d323cbff5d861010f91a
Added to database: 5/1/2026, 4:21:55 PM
Last enriched: 5/1/2026, 4:36:51 PM
Last updated: 5/1/2026, 7:21:12 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.