CVE-2026-45195: CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15) in Imagination Technologies Graphics DDK
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
AI Analysis
Technical Summary
This vulnerability involves improper handling of insufficient permissions or privileges (CWE-280) in the Imagination Technologies Graphics DDK. Specifically, kernel software inside a Host VM can post commands to the GPU Firmware that cause memory access outside the authorized range. The GPU Firmware may then perform privileged memory operations based on these addresses, potentially violating system memory protection boundaries.
Potential Impact
The impact is that a compromised or malicious kernel component inside a Host VM could cause the GPU Firmware to access memory regions beyond its permitted scope. This could lead to unauthorized memory reads or writes, potentially compromising system integrity or confidentiality. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been documented at this time.
CVE-2026-45195: CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15) in Imagination Technologies Graphics DDK
Description
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper handling of insufficient permissions or privileges (CWE-280) in the Imagination Technologies Graphics DDK. Specifically, kernel software inside a Host VM can post commands to the GPU Firmware that cause memory access outside the authorized range. The GPU Firmware may then perform privileged memory operations based on these addresses, potentially violating system memory protection boundaries.
Potential Impact
The impact is that a compromised or malicious kernel component inside a Host VM could cause the GPU Firmware to access memory regions beyond its permitted scope. This could lead to unauthorized memory reads or writes, potentially compromising system integrity or confidentiality. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary mitigation has been documented at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- imaginationtech
- Date Reserved
- 2026-05-11T10:58:04.162Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3ea39f6e08203f7db8ff8e
Added to database: 06/26/2026, 16:06:55 UTC
Last enriched: 06/26/2026, 16:22:21 UTC
Last updated: 06/26/2026, 18:34:39 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.