CVE Catalog

CVE-2026-45195

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

A vulnerability in kernel software running inside a Host VM allows sending improper commands to the GPU firmware, potentially causing memory read or write outside the permitted range. Addresses passed to the GPU firmware can be used to gain more privileged memory access than allowed by the system.

Risk Assessment

The risk involves potential privilege escalation and memory integrity compromise, which could lead to system takeover or sensitive data leakage.

Recommendation

It is recommended to immediately apply security patches provided by the kernel software vendor and update GPU drivers to the latest version.

Original NVD description (English source)

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS