CVE-2026-22167
Analyzed Analyzed - Analysis Complete
GPU Memory Corruption in NVIDIA GPU Driver

Publication date: 2026-05-01

Last updated on: 2026-06-01

Assigner: imaginationtech

Description
Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-22167
EUVD
EUVD-2026-26664
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
imaginationtech ddk to 25.2 (inc)
imaginationtech ddk 25.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when software running as a non-privileged user makes improper GPU system calls that force the GPU to write to arbitrary physical memory pages.

Under certain conditions, this exploit can cause the GPU to corrupt data pages that are not allocated by the GPU driver but are instead memory pages used by the kernel and other drivers on the platform, potentially altering their behavior.

The attack can also cause the GPU to write to restricted internal GPU buffers, leading to a secondary effect of corrupting arbitrary physical memory.

Impact Analysis

This vulnerability can impact you by allowing unauthorized modification of critical memory areas used by the kernel and drivers, potentially causing system instability or unpredictable behavior.

Corruption of arbitrary physical memory could lead to data corruption, crashes, or security breaches by altering the normal operation of system components.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22167. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart