{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21732", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2026-01-05T11:57:27.257Z", "datePublished": "2026-03-20T22:48:42.695Z", "dateUpdated": "2026-03-23T15:03:50.302Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-03-20T22:48:42.695Z"}, "title": "GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-823", "description": "CWE-823: Use of Out-of-range Pointer Offset (4.16)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113: Interface Manipulation (Version 3.9)"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "platforms": ["Linux", "Android"], "versions": [{"status": "unaffected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.1 RTM", "lessThanOrEqual": "25.1 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "25.2 RTM", "versionType": "custom"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n<br>\n<br>An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access."}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:03:27.343812Z", "id": "CVE-2026-21732", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:03:50.302Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-21732", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T15:03:27.343812Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:02:50.205Z"}}], "cna": {"title": "GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113: Interface Manipulation (Version 3.9)"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "unaffected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.1 RTM", "versionType": "custom", "lessThanOrEqual": "25.1 RTM"}, {"status": "unaffected", "version": "25.2 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.", "supportingMedia": [{"type": "text/html", "value": "A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n<br>\n<br>An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-823", "description": "CWE-823: Use of Out-of-range Pointer Offset (4.16)"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-03-20T22:48:42.695Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21732", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:03:50.302Z", "dateReserved": "2026-01-05T11:57:27.257Z", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "datePublished": "2026-03-20T22:48:42.695Z", "assignerShortName": "imaginationtech"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access."}], "id": "CVE-2026-21732", "lastModified": "2026-03-23T15:16:31.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T23:16:42.480", "references": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-823"}], "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "android"], "status": "unaffected", "versions": {"scheme": "generic", "value": "1.17 RTM"}}, {"platform": ["linux", "android"], "status": "unaffected", "versions": {"scheme": "generic", "value": "1.18 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "23.2 RTM"}}, {"platform": ["linux", "android"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.1 RTM,25.1 RTM]"}}, {"platform": ["linux", "android"], "status": "unaffected", "versions": {"scheme": "generic", "value": "25.2 RTM"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Graphics DDK", "source": "cna", "vendor": "Imagination Technologies"}, "product": "graphics_ddk", "vendor": "imaginationtech"}], "analysis": {"en": {"generated_at": "2026-03-23T16:51:56.462654+00:00", "value": {"mitigation_remediation": ["Update the Imagination Technologies Graphics DDK to the latest release or apply any available patch as soon as it is released.", "If a patch is not yet available, restrict the GPU compiler process to non\u2011privileged execution or remove system privileges where possible.", "Monitor the vendor\u2019s website and security advisories for updates or work\u2011arounds."], "summary": {"action": "Apply patch", "impact": "Potential remote code execution via privileged GPU shader compiler"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the entire Imagination Technologies Graphics DDK across all platforms that use its GPU shader compiler. No specific version details are listed, so any device running this DDK is potentially exposed, particularly where the compiler process may possess system\u2011level rights.", "description_and_impact": "An out\u2011of\u2011bounds write occurs in the libusc component of the Imagination Technologies Graphics DDK during the ConvertSwitchToArrayLookupBP routine for WebGPU shader compilation. The write corrupts memory, causing a segmentation fault, and on systems where the compiler process runs with system privileges this defect could be leveraged to elevate privileges or execute arbitrary code. The CVSS score of 9.6 reflects a high\u2011severity risk to confidentiality, integrity, and availability.", "risk_and_exploitability": "The EPSS score of less than 1\u202f% indicates that exploitation is currently considered unlikely, and the issue is not listed in CISA\u2019s KEV catalog. The likely attack vector is inferred to be a malicious web page that includes unusually large switch statements in GPU shader code, which the compiler processes when the page is rendered. While the immediate effect is a crash, the out\u2011of\u2011bounds write could enable privilege escalation if the compiler has elevated permissions, elevating the threat to remote code execution."}}}}, "created": "2026-03-23T09:52:13.113910+00:00", "updated": "2026-03-25T14:34:04.904120+00:00", "vendors": ["imaginationtech", "imaginationtech$PRODUCT$graphics_ddk"]}