CVE-2026-22163
Last modified
CVE-2026-22163 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.. EPSS estimates a 0.08% chance of exploitation in the next 30 days.
Description
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Imaginationtech | Ddk | >= 25.1, <= 25.3 |
| Imaginationtech | Ddk | 1.17 |
| Imaginationtech | Ddk | 1.18 |
| Imaginationtech | Ddk | 23.2 |
| Imaginationtech | Ddk | 24.1 |
| Imaginationtech | Ddk | 24.2 |
References
- https://www.imaginationtech.com/gpu-driver-vulnerabilities/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-22163?
How severe is CVE-2026-22163?
How do I fix CVE-2026-22163?
Are you affected by CVE-2026-22163?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST