CVE-2026-45203
Received
Received - Intake
Memory Corruption in GPU Firmware via TOCTOU
Vulnerability report for CVE-2026-45203, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-10
Last updated on: 2026-07-10
Assigner: imaginationtech
Description
Description
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel.
A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |