CVE-2026-22167
GPU Memory Corruption in NVIDIA GPU Driver
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: imaginationtech
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when software running as a non-privileged user makes improper GPU system calls that force the GPU to write to arbitrary physical memory pages.
Under certain conditions, this exploit can cause the GPU to corrupt data pages that are not allocated by the GPU driver but are instead memory pages used by the kernel and other drivers on the platform, potentially altering their behavior.
The attack can also cause the GPU to write to restricted internal GPU buffers, leading to a secondary effect of corrupting arbitrary physical memory.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized modification of critical memory areas used by the kernel and drivers, potentially causing system instability or unpredictable behavior.
Corruption of arbitrary physical memory could lead to data corruption, crashes, or security breaches by altering the normal operation of system components.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.