CVE-2026-21733 - Vulnerability Details

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Imaginationtech	Graphics Ddk

No data.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Thu, 23 Apr 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-280

Thu, 23 Apr 2026 11:30:00 +0000

Type	Values Removed	Values Added
Description	Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections.	Vulnerability in Imagination Technologies Graphics DDK on Linux, Android -- RESERVED
Title	GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)	RESERVED

Fri, 17 Apr 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Imaginationtech Imaginationtech graphics Ddk
Vendors & Products		Imaginationtech Imaginationtech graphics Ddk

Fri, 17 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 17 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections.
Title		GPU DDK - Incorrect flags validation in RGXDerivePTEProt8 can allow GPU to overwrite read-only shared memory (e.g. libc.so)
Weaknesses		CWE-280
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2026-04-17T16:08:25.661Z

Updated: 2026-04-23T10:52:18.501Z

Reserved: 2026-01-05T11:57:27.258Z

Link: CVE-2026-21733

Vulnrichment

Updated: 2026-04-17T17:19:31.532Z

NVD

Status : Awaiting Analysis

Published: 2026-04-17T17:16:35.220

Modified: 2026-04-23T12:17:01.500

Link: CVE-2026-21733

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object