CVE-2026-34192 | Software installed and run as a non-privileged user may cond…

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not cleanup properly before freeing the physical allocation.

Metadata

CVE ID: CVE-2026-34192
State: PUBLISHED
Assigner: imaginationtech
Reserved: 2026-03-26 13:47 UTC
Published: 2026-06-19 09:23 UTC
Last updated: 2026-06-19 09:23 UTC
Primary CWE: CWE-416
CWE-416: Use After Free (4.15)
Vendor / Product: Imagination Technologies / Graphics DDK
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Imagination Technologies	Graphics DDK	Linux,Android	1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM ≤ 25.3 RTM …

Weakness (CWE)

CWE	Source	Description
CWE-416	cna	CWE-416: Use After Free (4.15)

References (1)

https://www.imaginationtech.com/gpu-driver-vulnerabilities/