PatchSiren cyber security CVE debrief
CVE-2026-34195 Imagination Technologies CVE debrief
CVE-2026-34195 is a vulnerability in an unknown vendor's product that allows a non-privileged user to cause an out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping. This vulnerability was published on 2026-06-12T22:16:50.270Z and has not been modified since then.
- Vendor
- Imagination Technologies
- Product
- Graphics DDK
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of the affected product, particularly those who run software as non-privileged users, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by the product's incorrect indexing of internal state when performing sparse allocation remapping. This allows a non-privileged user to conduct intentional GPU sparse memory API calls to cause an out of bounds write in the kernel.
Defensive priority
high
Recommended defensive actions
- Apply a patch or update from the vendor, if available. [ref-4](https://www.imaginationtech.com/gpu-driver-vulnerabilities/)
- Limit the privileges of users running software on the affected product.
- Monitor the affected product for suspicious activity.
Evidence notes
The vendor is listed as Unknown Vendor, but there is evidence suggesting the vendor may be Imaginationtech. [source-item](https://services.nvd.nist.gov/rest/json/cves/2.0?lastModStartDate=2026-06-09T12%3A30%3A41.000Z&lastModEndDate=2026-06-14T23%3A16%3A53.000Z)
Official resources
-
CVE-2026-34195 CVE record
CVE.org
-
CVE-2026-34195 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
367425dc-4d06-4041-9650-c2dc6aaa27ce
CVE-2026-34195 was published on 2026-06-12T22:16:50.270Z and has not been modified since then.