CVE-2026-34193

CVE-2026-34193: GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()

Vendor Imagination Technologies
Product Graphics DDK
Weakness CWE-823
Published June 1, 2026
Last update June 1, 2026

CVSS base score

What the vulnerability does

01Description

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.

Key dates

02Disclosure timeline

June 1, 2026 CVE published
June 1, 2026 Record updated