CVE-2026-45195 - Vulnerability Details - OpenCVE

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Fri, 26 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description		Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
Title		GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted
Weaknesses		CWE-280
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2026-06-26T15:18:20.469Z

Updated: 2026-06-26T15:18:20.469Z

Reserved: 2026-05-11T10:58:04.162Z

Link: CVE-2026-45195

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45195", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2026-05-11T10:58:04.162Z", "datePublished": "2026-06-26T15:18:20.469Z", "dateUpdated": "2026-06-26T15:18:20.469Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-06-26T15:18:20.469Z"}, "title": "GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-280", "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-480", "descriptions": [{"lang": "en", "value": "CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "platforms": ["Linux", "Android"], "versions": [{"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "25.1 RTM", "lessThanOrEqual": "25.3 RTM", "versionType": "custom"}, {"status": "affected", "version": "26.1 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "26.2 RTM", "versionType": "custom"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel.\n\n\n\nAddresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel.</p><p>Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.</p>"}]}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}}}