CVE-2026-21736 — Improper Handling of Insufficient Permissions or Privileges in Technologies Graphics DDK

CWE-280 — Improper Handling of Insufficient Permissions or Privileges2 documents2 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 99.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK Imaginationtech DDK

Timeline

PublishedMar 9

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory. This is caused by improper handling of the memory protections for the user-mode wrapped memory resource.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5imagination_technologies/graphics_ddk24.1 RTM — 25.1 RTM+3

▶NVDimaginationtech/ddk25.1

🔴Vulnerability Details

GHSA

GHSA-vjrg-fwqx-82jx: Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memo↗2026-03-09

▶