CVE-2026-45203
Description
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel.
A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.
Metadata
Severity & Metrics
No CVSS data available.
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Imagination Technologies | Graphics DDK | Linux,Android | 1.18 RTM2, 23.2 RTM2, 24.2 RTM2, 25.1 RTM2 ≤ 25.3 RTM … |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-367 | cna | CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (4.20) |
References (1)