Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Imagination Technologies — Vulnerabilities & Security Advisories 59

Browse all 59 CVE security advisories affecting Imagination Technologies. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Imagination Technologies specializes in graphics processing units and multimedia technologies, primarily supplying intellectual property licenses to semiconductor manufacturers for embedded systems and mobile devices. With fifty-nine recorded Common Vulnerabilities and Exposures, the company’s historical attack surface has predominantly featured remote code execution and buffer overflow flaws within its proprietary middleware and driver software. These vulnerabilities often stem from insufficient input validation in image processing pipelines, allowing attackers to escalate privileges or execute arbitrary code on affected endpoints. While no single catastrophic breach has defined the firm’s public security narrative, the cumulative impact of these CVEs highlights risks in its embedded software stack. Security assessments indicate that many issues were resolved through routine firmware updates, yet the persistent presence of memory corruption bugs suggests ongoing challenges in securing complex, low-level hardware abstractions used across diverse consumer electronics.

Top products by Imagination Technologies: Graphics DDK
CVE IDTitleCVSSSeverityPublished
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable — Graphics DDKCWE-416 8.8 -2026-05-01
CVE-2026-22165 GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs — Graphics DDKCWE-416 8.8 -2026-05-01
CVE-2026-22167 GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory — Graphics DDKCWE-119 7.8 -2026-05-01
CVE-2026-21733 RESERVED — Graphics DDK 7.1AIHighAI2026-04-17
CVE-2026-22163 GPU DDK - Unsafe writing of MMU PT entries on systems with 32-bit host CPU — Graphics DDKCWE-820 8.4 -2026-03-20
CVE-2026-21732 GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation — Graphics DDKCWE-823 8.1 -2026-03-20
CVE-2026-21736 GPU DDK - Insufficient permission check in PhysmemWrapExtMem() when write attribute support enabled — Graphics DDKCWE-280 7.1AIHighAI2026-03-09
CVE-2025-13952 GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP — Graphics DDKCWE-416 9.8 -2026-01-24
CVE-2025-10865 GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns — Graphics DDKCWE-416 7.8AIHighAI2026-01-13
CVE-2025-58411 GPU DDK - Reservation::psMappedPMR can change while used by a freelist -> UAF — Graphics DDKCWE-416 7.8AIHighAI2026-01-13
CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory — Graphics DDKCWE-119 7.8AIHighAI2026-01-13
CVE-2025-25176 GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world — Graphics DDKCWE-668 8.1AIHighAI2026-01-13
CVE-2025-58408 GPU DDK - KASAN Read UAF in the PVRSRVBridgeRGXSubmitTransfer2 due to improper error handling code — Graphics DDKCWE-416 5.5AIMediumAI2025-12-01
CVE-2025-58407 GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet — Graphics DDKCWE-367 7.8AIHighAI2025-11-17
CVE-2025-58410 GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR — Graphics DDKCWE-280 7.8AIHighAI2025-11-17
CVE-2025-46711 GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused — Graphics DDKCWE-476 5.5AIMediumAI2025-09-22
CVE-2025-25177 GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF — Graphics DDKCWE-416 7.8AIHighAI2025-09-22
CVE-2025-46709 GPU DDK - Security fix for PP-171570 can lead to an uninitialised pointer dereference and memory leak — Graphics DDKCWE-416 7.1 -2025-08-08
CVE-2025-6573 GPU DDK - RGXFW_CTL.pui8FWScratchBuf Leak/Overwrite — Graphics DDKCWE-280 5.5 -2025-08-08
CVE-2025-8109 GPU DDK - GPU shader shared memory corrupted using ptrace to disrupt GPU operation — Graphics DDKCWE-280 7.1AIHighAI2025-08-04
CVE-2025-25180 GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist — Graphics DDKCWE-823 5.5AIMediumAI2025-07-14
CVE-2025-46708 GPU DDK - Guest VM can delay the FW and GPU from processing workloads from other VMs — Graphics DDKCWE-280 5.5AIMediumAI2025-06-27
CVE-2025-46707 GPU DDK - Guest VM can override its own FW VZ connection state after the FW has close it — Graphics DDKCWE-668 7.8AIHighAI2025-06-27
CVE-2025-46710 Imagination GPU Driver 安全漏洞 — Graphics DDKCWE-416 7.8AIHighAI2025-06-16
CVE-2025-25179 GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory — Graphics DDKCWE-280 7.8AIHighAI2025-06-02
CVE-2024-47893 GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups) — Graphics DDKCWE-823 8.4AIHighAI2025-05-17
CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object — Graphics DDKCWE-416 7.8AIHighAI2025-05-17
CVE-2025-0467 GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write — Graphics DDKCWE-823 7.8 -2025-04-18
CVE-2025-25178 GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory — Graphics DDKCWE-1284 7.8AIHighAI2025-04-04
CVE-2025-0468 GPU DDK - ui64RobustnessAddress can overwrite Freelist / HWRT (and bypass PMMETA) — Graphics DDKCWE-280 5.5AIMediumAI2025-04-04

This page lists every published CVE security advisory associated with Imagination Technologies. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.