CVE-2026-34192

GPU DDK - _MMU_AllocLevel error recovery paths leave dangling page table entries

CVSS 7.7 HIGHEPSS 0.1%CWE-416

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.7EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

19 Jun 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not cleanup properly before freeing the physical allocation.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected products

Imagination Technologies · Graphics DDK

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/