{"api_version":"1","generated_at":"2026-04-23T12:01:25+00:00","cve":"CVE-2026-21732","urls":{"html":"https://cve.report/CVE-2026-21732","api":"https://cve.report/api/cve/CVE-2026-21732.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-21732","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-21732"},"summary":{"title":"GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation","description":"A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.","state":"PUBLISHED","assigner":"imaginationtech","published_at":"2026-03-20 23:16:42","updated_at":"2026-04-21 16:55:05"},"problem_types":["CWE-823","CWE-787","CWE-823 CWE-823: Use of Out-of-range Pointer Offset (4.16)"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.6","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.6,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.6","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","name":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","refsource":"367425dc-4d06-4041-9650-c2dc6aaa27ce","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-21732","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-21732","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"unaffected 1.17 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"unaffected 1.18 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"affected 23.2 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"affected 24.1 RTM 25.1 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"unaffected 25.2 RTM custom","platforms":["Linux","Android"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"21732","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imaginationtech","cpe5":"ddk","cpe6":"1.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"21732","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imaginationtech","cpe5":"ddk","cpe6":"1.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"21732","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imaginationtech","cpe5":"ddk","cpe6":"23.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"21732","vulnerable":"1","versionEndIncluding":"25.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"imaginationtech","cpe5":"ddk","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"21732","cve":"CVE-2026-21732","epss":"0.000610000","percentile":"0.191550000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.6,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-21732","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-03-23T15:03:27.343812Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-23T15:03:50.302Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","platforms":["Linux","Android"],"product":"Graphics DDK","vendor":"Imagination Technologies","versions":[{"status":"unaffected","version":"1.17 RTM","versionType":"custom"},{"status":"unaffected","version":"1.18 RTM","versionType":"custom"},{"status":"affected","version":"23.2 RTM","versionType":"custom"},{"lessThanOrEqual":"25.1 RTM","status":"affected","version":"24.1 RTM","versionType":"custom"},{"status":"unaffected","version":"25.2 RTM","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n<br>\n<br>An edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access."}],"value":"A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access."}],"impacts":[{"capecId":"CAPEC-113","descriptions":[{"lang":"en","value":"CAPEC-113: Interface Manipulation (Version 3.9)"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-823","description":"CWE-823: Use of Out-of-range Pointer Offset (4.16)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-20T22:48:42.695Z","orgId":"367425dc-4d06-4041-9650-c2dc6aaa27ce","shortName":"imaginationtech"},"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}],"source":{"discovery":"UNKNOWN"},"title":"GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP during WebGPU shader compilation","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"367425dc-4d06-4041-9650-c2dc6aaa27ce","assignerShortName":"imaginationtech","cveId":"CVE-2026-21732","datePublished":"2026-03-20T22:48:42.695Z","dateReserved":"2026-01-05T11:57:27.257Z","dateUpdated":"2026-03-23T15:03:50.302Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-20 23:16:42","lastModifiedDate":"2026-04-21 16:55:05","problem_types":["CWE-823","CWE-787","CWE-823 CWE-823: Use of Out-of-range Pointer Offset (4.16)"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*","versionStartIncluding":"24.1","versionEndIncluding":"25.1","matchCriteriaId":"A62602A5-EBBC-4F29-9D12-311AD0626512"},{"vulnerable":true,"criteria":"cpe:2.3:a:imaginationtech:ddk:1.17:*:*:*:*:*:*:*","matchCriteriaId":"1C2A0AE6-35B7-4221-8E49-6CF3AD9B3927"},{"vulnerable":true,"criteria":"cpe:2.3:a:imaginationtech:ddk:1.18:*:*:*:*:*:*:*","matchCriteriaId":"822E865A-168C-4F82-95C7-B1752575C175"},{"vulnerable":true,"criteria":"cpe:2.3:a:imaginationtech:ddk:23.2:*:*:*:*:*:*:*","matchCriteriaId":"6F512C3D-CF11-492B-8CAB-CF51965F4250"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"21732","Ordinal":"1","Title":"GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP durin","CVE":"CVE-2026-21732","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"21732","Ordinal":"1","NoteData":"A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\n\n\nAn edge case using a very large value in switch statements in GPU shader code can cause a segmentation fault in the GPU shader compiler due to an out-of-bounds write access.","Type":"Description","Title":"GPU DDK - libusc OOB write at ConvertSwitchToArrayLookupBP durin"}]}}}