GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes
CVE-2026-34195

Currently unrated

Key Information:

Vendor

Imagination Technologies

Status
Graphics Ddk
Vendor
CVE Published:
12 June 2026

What is CVE-2026-34195?

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel.

The product incorrectly indexes internal state when performing sparse allocation remapping.

Affected Version(s)

Graphics DDK Linux 24.2 RTM

Graphics DDK Linux 25.1 RTM <= 25.3 RTM

Graphics DDK Linux 1.18 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.