Kernel Module Vulnerability in Imagination Technologies GPU Driver
CVE-2026-22163

7.8HIGH

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 20 March 2026

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2026-22163?

This vulnerability allows attackers to exploit the DDK kernel module's IOCTL interface, which can be misused for unauthorized memory access. Due to the lack of synchronization in accessing shared resources, potential adversaries may hijack GPU operations to write to arbitrary physical memory pages, leading to severe security implications. This situation emphasizes the critical need for proper access controls and synchronization mechanisms within driver architectures.

Affected Version(s)

Graphics DDK Linux 1.17 RTM

Graphics DDK Linux 1.18 RTM

Graphics DDK Linux 23.2 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2026
Vulnerability Reserved
Jan 6, 2026

CVE-2026-22163 Data

JSON