CVE-2026-45195
HIGHDescription
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| imaginationtech | ddk |
| imaginationtech | ddk |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-45195? +
How severe is CVE-2026-45195? +
What products are affected by CVE-2026-45195? +
How do I check if I'm vulnerable to CVE-2026-45195? +
Related Vulnerabilities
An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated …
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended …
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass …
When creating an export of all reusable media, the secrets of connected gift cards were included in the export even …
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to …
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks.