CVE-2026-22163 — Missing Synchronization in Technologies Graphics DDK

CWE-820 — Missing Synchronization2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 97.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK

Timeline

PublishedMar 20

Latest updateMar 21

Description

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages1 packages

▶CVEListV5imagination_technologies/graphics_ddk24.1 RTM — 24.2 RTM+4

🔴Vulnerability Details

GHSA

GHSA-fm63-79wx-q4c2: Requires malware code to misuse the DDK kernel module IOCTL interface↗2026-03-21

▶