CVE-2026-45195 | Kernel software installed and running inside a Host VM may p… | CVSS 7.8 HIGH

Description

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

Metadata

CVE ID: CVE-2026-45195
State: PUBLISHED
Assigner: imaginationtech
Reserved: 2026-05-11 10:58 UTC
Published: 2026-06-26 15:18 UTC
Last updated: 2026-06-26 19:15 UTC
Primary CWE: CWE-280
CWE-280: Improper Handling of Insufficient Permissions or Pr…
Vendor / Product: Imagination Technologies / Graphics DDK
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Imagination Technologies	Graphics DDK	Linux,Android	1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM ≤ 25.3 RTM …

Weakness (CWE)

CWE	Source	Description
CWE-280	cna	CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.8	HIGH	3.1	adp	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (1)

https://www.imaginationtech.com/gpu-driver-vulnerabilities/