CVE-2026-45203
Received Received - Intake

Memory Corruption in GPU Firmware via TOCTOU

Vulnerability report for CVE-2026-45203, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: imaginationtech

Description

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but before use.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves kernel software running inside a Host Virtual Machine (VM) that can send improper commands to the GPU Firmware. These commands can cause a memory write operation outside the allowed memory range for the host kernel.

The root cause is a Time-Of-Check to Time-Of-Use (TOCTOU) bug, where a malicious driver can change values in memory after the firmware has validated them but before they are actually used.

Impact Analysis

Exploiting this vulnerability could allow a malicious driver to write to memory locations outside the permitted range, potentially leading to unauthorized memory modification.

This could result in system instability, crashes, or escalation of privileges within the host kernel environment.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45203. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart