CVE-2026-45195
Received Received - Intake
Memory Access Violation in GPU Firmware

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: imaginationtech

Description
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-45195
EUVD
EUVD-2026-39787
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-280 The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when kernel software running inside a Host Virtual Machine (VM) sends improper commands to the GPU Firmware. These commands can cause the GPU Firmware to perform memory reads or writes outside the allowed memory range for the host kernel.

Specifically, the addresses passed to the GPU Firmware can be exploited to access more privileged memory than the system permits, potentially leading to unauthorized memory access.

Impact Analysis

This vulnerability can allow an attacker with control over the kernel software inside a Host VM to cause the GPU Firmware to access memory regions outside the permitted range. This could lead to unauthorized access to sensitive data or system memory, potentially compromising system integrity and confidentiality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45195. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart