Cyber Resilience

CVE-2026-22163

High

Published: 20 March 2026

Published
20 March 2026
Modified
21 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0001 3.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22163 is a high-severity Missing Synchronization (CWE-820) vulnerability in Imaginationtech Ddk. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-22163 is a vulnerability in the DDK kernel module IOCTL interface of Imagination Technologies GPU drivers. It stems from a lack of synchronization for concurrent access to a shared resource (CWE-820), enabling malware to misuse the interface in an unsupported manner. This misuse subverts the GPU, allowing it to perform writes to arbitrary physical memory pages.

A local attacker with low privileges (PR:L) can exploit this vulnerability, though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) with a changed scope (S:C), as indicated by the CVSS v3.1 score of 7.8. The attacker typically needs crafted malware to trigger the IOCTL misuse, leading to GPU subversion and arbitrary physical memory writes, potentially enabling full kernel compromise.

The primary advisory from Imagination Technologies, available at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, provides details on affected versions and recommended mitigations or patches.

EU & UK References

Vulnerability details

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared…

more

resource in a concurrent manner but does not attempt to synchronise access to the resource.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Kernel driver IOCTL flaw enabling arbitrary physical memory writes from low-privileged local context directly maps to exploitation for privilege escalation resulting in kernel compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-10865Same product: Imaginationtech Ddk
CVE-2026-22167Same product: Imaginationtech Ddk
CVE-2025-58411Same product: Imaginationtech Ddk
CVE-2025-13952Same product: Imaginationtech Ddk
CVE-2026-22165Same product: Imaginationtech Ddk
CVE-2026-22166Same product: Imaginationtech Ddk
CVE-2025-25176Same product: Imaginationtech Ddk
CVE-2026-21732Same product: Imaginationtech Ddk
CVE-2025-1445Shared CWE-820

Affected Assets

imaginationtech
ddk
1.17, 1.18, 23.2, 24.1, 24.2 · 25.1 — 25.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of synchronization for concurrent access to the shared resource in the GPU driver IOCTL interface, preventing unauthorized transfer or corruption leading to GPU subversion.

prevent

Implements memory protection mechanisms to block the GPU from performing writes to arbitrary physical memory pages after subversion.

prevent

Restricts access to the GPU I/O device and its IOCTL interface to prevent low-privilege malware from misusing it in an unsupported manner.

References