Primary

Context

Imagination Technologies GPU Shader Compiler Library WebGPU Shader-Triggered Use-After-Free Vulnerability

Vulnerability

Patched

A write use-after-free vulnerability has been identified in the GPU shader compiler library of Imagination Technologies. This issue arises when a web page containing unusual GPU shader code is loaded into the compiler process. The shader code executes a path in the compiler that retains an outdated pointer, leading to a crash by referencing a freed memory object. On certain platforms, if the compiler process has system privileges, this vulnerability could be exploited further on the device.

Impact

Exploitation of this vulnerability causes a write use-after-free crash, which could be leveraged for additional exploits on the device, particularly if the compiler process has system privileges.

Remediation

The DDK compiler library has been updated to safely handle unusual GPU shader code, preventing disruptions during shader compilation.

Added: Jan 24, 2026, 3:20 AM

Updated: Jan 24, 2026, 3:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.8

remediation

7.7

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.8

remediation

7.7

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Imagination Technologies GPU Shader Compiler Library WebGPU Shader-Triggered Use-After-Free Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Imagination Technologies GPU DDK

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating