CVE-2026-21736
Improper Memory Protection Allows Write Access via GPU Calls
Publication date: 2026-03-09
Last updated on: 2026-03-10
Assigner: imaginationtech
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imaginationtech | ddk | 25.1 |
| imaginationtech | ddk | 25.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when software running as a non-privileged user improperly handles GPU system calls, allowing it to gain write permissions to memory that should be read-only. Specifically, it involves incorrect management of memory protections for user-mode wrapped memory resources.
How can this vulnerability impact me? :
The vulnerability can allow non-privileged software to write to memory areas that are intended to be read-only, potentially leading to unauthorized modification of data or code in user-mode memory. This could result in unexpected behavior, data corruption, or escalation of privileges within the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know