CVE-2026-34196
Received Received - Intake

Integer Overflow Leading to UAF in GPU Driver

Vulnerability report for CVE-2026-34196, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: imaginationtech

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the second mapping The second virtual mapping references a physical address that has been freed after the first virtual mapping has been freed. This allows the physical memory to be allocated (for example) by another process and read/written to.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when software running as a non-privileged user makes improper GPU system calls that cause an integer overflow. This overflow leads to two GPU virtual addresses being mapped to the same physical memory address.

One of these virtual mappings can be freed along with the physical memory page, but the second virtual mapping still references the now freed physical address. This situation creates a use-after-free (UAF) condition where the second mapping can be used to read from or write to physical memory that may have been reallocated to another process.

Impact Analysis

This vulnerability can allow an attacker or malicious software running as a non-privileged user to gain unauthorized read and write access to physical memory that should no longer be accessible.

Because the freed physical memory can be reallocated to other processes, this can lead to data leakage, corruption, or unauthorized modification of data belonging to other processes, potentially compromising system integrity and confidentiality.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34196. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart