Cyber Posture

CVE-2026-22163

High

Published: 20 March 2026

Published
20 March 2026
Modified
21 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0001 3.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22163 is a high-severity Missing Synchronization (CWE-820) vulnerability in Imaginationtech Ddk. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-4 Information in Shared System Resources good match
prevent

Directly addresses the lack of synchronization for concurrent access to the shared resource in the GPU driver IOCTL interface, preventing unauthorized transfer or corruption leading to GPU subversion.

SI-16 Memory Protection good match
prevent

Implements memory protection mechanisms to block the GPU from performing writes to arbitrary physical memory pages after subversion.

SC-41 Port and I/O Device Access partial match
prevent

Restricts access to the GPU I/O device and its IOCTL interface to prevent low-privilege malware from misusing it in an unsupported manner.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Kernel driver IOCTL flaw enabling arbitrary physical memory writes from low-privileged local context directly maps to exploitation for privilege escalation resulting in kernel compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared…

more

resource in a concurrent manner but does not attempt to synchronise access to the resource.

Deeper analysisAI

CVE-2026-22163 is a vulnerability in the DDK kernel module IOCTL interface of Imagination Technologies GPU drivers. It stems from a lack of synchronization for concurrent access to a shared resource (CWE-820), enabling malware to misuse the interface in an unsupported manner. This misuse subverts the GPU, allowing it to perform writes to arbitrary physical memory pages.

A local attacker with low privileges (PR:L) can exploit this vulnerability, though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) with a changed scope (S:C), as indicated by the CVSS v3.1 score of 7.8. The attacker typically needs crafted malware to trigger the IOCTL misuse, leading to GPU subversion and arbitrary physical memory writes, potentially enabling full kernel compromise.

The primary advisory from Imagination Technologies, available at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, provides details on affected versions and recommended mitigations or patches.

Details

CWE(s)
CWE-820

Affected Products

imaginationtech
ddk
1.17, 1.18, 23.2, 24.1, 24.2 · 25.1 — 25.3

CVEs Like This One

CVE-2025-10865Same product: Imaginationtech Ddk
CVE-2025-13952Same product: Imaginationtech Ddk
CVE-2025-58411Same product: Imaginationtech Ddk
CVE-2025-25176Same product: Imaginationtech Ddk
CVE-2026-21732Same product: Imaginationtech Ddk
CVE-2025-1445Shared CWE-820

References