What is CVE-2026-22167?

CVE-2026-22167 is a high-severity vulnerability in Imaginationtech Ddk, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2026-05-01.

How severe is CVE-2026-22167?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Imaginationtech Ddk

CVE-2026-22167

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocat…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (0.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Imaginationtech Ddk — versions 25.3
Imagination Technologies Graphics Ddk — versions 1.18 RTM, 23.2 RTM, 24.1 RTM

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

367425dc-4d06-4041-9650-c2dc6aaa27ce (Vendor Advisory)

Frequently asked questions

What is CVE-2026-22167?: CVE-2026-22167 is a high-severity vulnerability in Imaginationtech Ddk, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2026-05-01.
How severe is CVE-2026-22167?: High severity. CVSS v3 base score is 7.8 out of 10.