CVE-2026-22167: CWE - CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (4.18) in Imagination Technologies Graphics DDK
CVE-2026-22167 is a vulnerability in Imagination Technologies Graphics DDK where software running as a non-privileged user can cause the GPU to write to arbitrary physical memory pages. This improper restriction of operations within memory buffers can lead to corruption of kernel and driver memory pages, potentially altering their behavior. The vulnerability arises from improper GPU system calls that allow write operations on restricted internal GPU buffers, causing second-order effects on arbitrary physical memory. No patch or official remediation has been confirmed yet. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-22167) in Imagination Technologies Graphics DDK involves improper restriction of operations within the bounds of a memory buffer (CWE-119). Specifically, non-privileged software can exploit GPU system calls to force the GPU to write to arbitrary physical memory pages, including those used by the kernel and other drivers. This can corrupt critical memory areas and alter system behavior. Affected versions include 1.18 RTM, 23.2 RTM, 24.1 RTM, and 25.1 RTM. The vulnerability is published but lacks a CVSS score and official remediation guidance. The vendor has not provided a patch or advisory indicating fix status.
Potential Impact
The vulnerability allows non-privileged software to cause the GPU to write to arbitrary physical memory, potentially corrupting kernel and driver memory pages. This could lead to altered system behavior and compromise system stability or security. No known exploits have been reported in the wild, but the potential impact includes unauthorized memory corruption at a low privilege level.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict untrusted software from accessing the GPU driver interfaces and monitor for updates from Imagination Technologies regarding patches or mitigations.
CVE-2026-22167: CWE - CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (4.18) in Imagination Technologies Graphics DDK
Description
CVE-2026-22167 is a vulnerability in Imagination Technologies Graphics DDK where software running as a non-privileged user can cause the GPU to write to arbitrary physical memory pages. This improper restriction of operations within memory buffers can lead to corruption of kernel and driver memory pages, potentially altering their behavior. The vulnerability arises from improper GPU system calls that allow write operations on restricted internal GPU buffers, causing second-order effects on arbitrary physical memory. No patch or official remediation has been confirmed yet. There are no known exploits in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-22167) in Imagination Technologies Graphics DDK involves improper restriction of operations within the bounds of a memory buffer (CWE-119). Specifically, non-privileged software can exploit GPU system calls to force the GPU to write to arbitrary physical memory pages, including those used by the kernel and other drivers. This can corrupt critical memory areas and alter system behavior. Affected versions include 1.18 RTM, 23.2 RTM, 24.1 RTM, and 25.1 RTM. The vulnerability is published but lacks a CVSS score and official remediation guidance. The vendor has not provided a patch or advisory indicating fix status.
Potential Impact
The vulnerability allows non-privileged software to cause the GPU to write to arbitrary physical memory, potentially corrupting kernel and driver memory pages. This could lead to altered system behavior and compromise system stability or security. No known exploits have been reported in the wild, but the potential impact includes unauthorized memory corruption at a low privilege level.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict untrusted software from accessing the GPU driver interfaces and monitor for updates from Imagination Technologies regarding patches or mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- imaginationtech
- Date Reserved
- 2026-01-06T15:50:36.205Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f4d323cbff5d861010f91d
Added to database: 5/1/2026, 4:21:55 PM
Last enriched: 5/1/2026, 4:36:44 PM
Last updated: 5/1/2026, 5:49:47 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.