Back to overview

CVE-2026-45203

Description
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.

Metadata

CVE ID
CVE-2026-45203
State
PUBLISHED
Assigner
imaginationtech
Reserved
2026-05-11 10:58 UTC
Published
2026-07-10 20:57 UTC
Last updated
2026-07-10 20:57 UTC
Primary CWE
CWE-367
CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condi…
Vendor / Product
Imagination Technologies / Graphics DDK
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Imagination Technologies Graphics DDK Linux,Android 1.18 RTM2, 23.2 RTM2, 24.2 RTM2, 25.1 RTM2 ≤ 25.3 RTM …
Weakness (CWE)
CWESourceDescription
CWE-367 cna CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (4.20)
Back to overview