Cyber Resilience

CVE-2026-22165

Severity: High (record updated)

Published: 01 May 2026
Modified: 01 June 2026
KEV Added: not listed
Patch: see the vendor advisory under References
CVSS v3.1 Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0035 (26.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-22165 is a high-severity use-after-free (CWE-416) vulnerability in Imaginationtech Ddk. Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its EPSS ranking places it at the 26.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-22165 is a use-after-free (CWE-416) vulnerability with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), affecting the GPU GLES user-space shared library in Imagination Technologies GPU drivers. The issue arises when a web page loads unusual WebGPU content into the GPU GLES render process, triggering a write-after-free crash in the library. This flaw is particularly concerning on platforms where the graphics workload process runs with system privileges, potentially allowing escalation to broader device compromise.

An attacker with low privileges (PR:L) can exploit this remotely over the network (AV:N) with low complexity and no user interaction required. By crafting a malicious web page with specific WebGPU content, the attacker induces the UAF condition, leading to high integrity (I:H) and availability (A:H) impacts via crashes or code execution in the GPU process. On affected platforms granting system privileges to the graphics process, successful exploitation could enable arbitrary code execution and further device-level attacks.

Imagination Technologies has documented the vulnerability on its GPU driver vulnerabilities page at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which practitioners should consult for patch availability and mitigation guidance.


Vulnerability details

A web page that contains unusual WebGPU content loaded into the GPU GLES render process can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing the graphics workload has system privileges, this could enable further exploits on the device.

CWE(s): CWE-416 (Use After Free)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A UAF in the GPU GLES library enables client-side code execution via malicious WebGPU web content (T1203), and privilege escalation on platforms where the graphics process has system-level rights (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22166 · Same product: Imaginationtech Ddk
CVE-2025-10865 · Same product: Imaginationtech Ddk
CVE-2025-13952 · Same product: Imaginationtech Ddk
CVE-2025-58411 · Same product: Imaginationtech Ddk
CVE-2026-22167 · Same product: Imaginationtech Ddk
CVE-2026-22163 · Same product: Imaginationtech Ddk
CVE-2026-21732 · Same product: Imaginationtech Ddk
CVE-2025-25176 · Same product: Imaginationtech Ddk
CVE-2026-47310 · Shared CWE-416
CVE-2026-9901 · Shared CWE-416

Affected Assets

Vendor: imaginationtech
Product: ddk
Versions: 25.3 · ≤ 25.2

Mitigating Controls (NIST 800-53 r5)

Prevent · SI-2 (Flaw Remediation): Directly remediates the use-after-free vulnerability in the Imagination Technologies GPU GLES library by requiring timely patching as documented by the vendor.

Prevent · SI-16 (Memory Protection): Provides memory protection mechanisms such as non-executable memory regions and ASLR to prevent the UAF write crash from being turned into arbitrary code execution in the GPU process.

Prevent · Least privilege: Enforces least privilege on the GPU GLES render process to limit potential escalation to system-level compromise on platforms that grant it elevated privileges.

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/ (Imagination Technologies GPU driver vulnerabilities page)