Back to overview

CVE-2026-7639

Description
Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.

Metadata

CVE ID
CVE-2026-7639
State
PUBLISHED
Assigner
imaginationtech
Reserved
2026-05-01 16:03 UTC
Published
2026-07-10 20:50 UTC
Last updated
2026-07-10 20:50 UTC
Primary CWE
CWE-459
CWE-459: Incomplete Cleanup
Vendor / Product
Imagination Technologies / Graphics DDK
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Imagination Technologies Graphics DDK Linux,Android 1.18 RTM2, 23.2 RTM2, 24.2 RTM2, 25.1 RTM2 ≤ 25.3 RTM …
Weakness (CWE)
CWESourceDescription
CWE-459 cna CWE-459: Incomplete Cleanup
Back to overview