CVE-2026-21733 — Improper Handling of Insufficient Permissions or Privileges in Technologies Graphics DDK

CWE-280 — Improper Handling of Insufficient Permissions or Privileges3 documents3 sources

Severity

7.3HIGHNVD

EPSS

0.0%

top 98.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK

Timeline

PublishedApr 17

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 1.8 | Impact: 5.5

Affected Packages1 packages

▶CVEListV5imagination_technologies/graphics_ddk24.1 RTM — 24.2 RTM+4

🔴Vulnerability Details

GHSA

GHSA-4h67-fm2h-4qrp: Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memo↗2026-04-17

▶

VulDB

Imagination Graphics DDK up to 25.3 RTM GPU insufficient permissions or privileges (EUVD-2026-23446)↗2026-04-17

▶