Imagination Technologies GPU DDK
Moderate fix1 remedy
cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 25.2 RTM
Imagination Technologies GPU DDK WebGPU Shader Compilation Out-of-Bounds Write Vulnerability
Vulnerability
Patched
An out-of-bounds write vulnerability has been identified in the Imagination Technologies GPU Driver Development Kit (DDK) version 25.1 RTM2 prior to 25.3 RTM. This vulnerability occurs during the compilation of WebGPU shaders, where unusual shader code can trigger a crash in the GPU shader compiler library. On certain platforms, if the compiler process has system privileges, this vulnerability could be exploited to execute further attacks on the device.
Impact
Exploitation of this vulnerability causes a crash in the GPU shader compiler, creating a use-after-free condition. On platforms where the compiler process has system privileges, this could lead to additional exploits on the device.
Reproduction
To reproduce this vulnerability, load a web page containing unusual GPU shader code into the GPU compiler process. The shader compilation will then trigger an out-of-bounds write, causing a crash in the GPU shader compiler library.
Remediation
The DDK compiler library has been updated to safely handle unusual GPU shader code, preventing disruptions during shader compilation.
Added: Mar 20, 2026, 11:37 PM
Updated: Mar 20, 2026, 11:37 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
0.8exploitability
4.8remediation
7.7relevance
4.2threat
1.6urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.