Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Graphics DDK — Vulnerabilities & Security Advisories 70

All 70 CVE vulnerabilities found in Graphics DDK, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumeration (CWE) vulnerabilities associated with the Graphics DDK product from its respective vendor. It collects a comprehensive range of security flaws, including buffer overflows, memory corruption issues, privilege escalation vulnerabilities, and improper input validation errors. The data covers vulnerability disclosures and advisories published from 2018 through the present date, ensuring a broad historical perspective on security trends for this specific development kit. By browsing this aggregation, you can track a vendor's advisory history to understand their patching cadence and response times. You can also explore the details of a specific weakness class to identify recurring patterns and root causes within the Graphics DDK ecosystem. Additionally, this resource allows you to look up a product's vulnerability history to assess long-term stability and security posture. The information is organized to facilitate efficient searching and comparison, helping security professionals and developers identify potential risks before they impact production environments. Understanding these aggregated weaknesses provides critical context for risk assessment and helps in prioritizing remediation efforts. This page serves as a centralized reference point for analyzing the security landscape of the Graphics DDK, enabling stakeholders to make informed decisions based on historical data and current threat intelligence without needing to sift through fragmented sources.

Vendor: Imagination Technologies

CVE IDTitleCVSSSeverityPublished
CVE-2026-45195 GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted CWE-280--2026-06-26
CVE-2026-21734 GPU DDK - libusc OOB write at TreeRemove during WebGPU shader compilation CWE-823--2026-06-26
CVE-2026-41156 GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference CWE-416--2026-06-19
CVE-2026-34192 GPU DDK - _MMU_AllocLevel error recovery paths leave dangling page table entries CWE-416--2026-06-19
CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink CWE-416--2026-06-12
CVE-2026-41157 GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D CWE-787--2026-06-12
CVE-2026-41155 GPU DDK - SharedSecMem mapped into all GPU virtual address spaces CWE-653--2026-06-12
CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes CWE-787--2026-06-12
CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count CWE-468--2026-06-08
CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical CWE-122--2026-06-08
CVE-2026-34193 GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr() CWE-823--2026-06-01
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable CWE-416 8.8 -2026-05-01
CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs CWE-416 8.8 -2026-05-01
CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory CWE-119 7.8 -2026-05-01
CVE-2026-21733 GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so) CWE-280 7.1AIHighAI2026-04-17
CVE-2026-22163 GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU CWE-820 8.4 -2026-03-20
CVE-2026-21732 GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation CWE-823 8.1 -2026-03-20
CVE-2026-21736 GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled CWE-280 7.1AIHighAI2026-03-09
CVE-2025-13952 GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP CWE-416 9.8 -2026-01-24
CVE-2025-10865 GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns CWE-416 7.8AIHighAI2026-01-13
CVE-2025-58411 GPU DDK - Reservation::psMappedPMR can change while used by a freelist -> UAF CWE-416 7.8AIHighAI2026-01-13
CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory CWE-119 7.8AIHighAI2026-01-13
CVE-2025-25176 GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world CWE-668 8.1AIHighAI2026-01-13
CVE-2025-58408 GPU DDK - KASAN Read UAF in the PVRSRVBridgeRGXSubmitTransfer2 due to improper error handling code CWE-416 5.5AIMediumAI2025-12-01
CVE-2025-58407 GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet CWE-367 7.8AIHighAI2025-11-17
CVE-2025-58410 GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR CWE-280 7.8AIHighAI2025-11-17
CVE-2025-46711 GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused CWE-476 5.5AIMediumAI2025-09-22
CVE-2025-25177 GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF CWE-416 7.8AIHighAI2025-09-22
CVE-2025-46709 GPU DDK - Security fix for PP-171570 can lead to an uninitialised pointer dereference and memory leak CWE-416 7.1 -2025-08-08
CVE-2025-6573 GPU DDK - RGXFW_CTL.pui8FWScratchBuf Leak/Overwrite CWE-280 5.5 -2025-08-08

All 70 known CVE vulnerabilities affecting Graphics DDK with full Chinese analysis, references, and POCs where available.