CVE-2026-45195
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in kernel software running inside a Host VM allows sending improper commands to the GPU firmware, potentially causing memory read or write outside the permitted range. Addresses passed to the GPU firmware can be used to gain more privileged memory access than allowed by the system.
Risk Assessment
The risk involves potential privilege escalation and memory integrity compromise, which could lead to system takeover or sensitive data leakage.
Recommendation
It is recommended to immediately apply security patches provided by the kernel software vendor and update GPU drivers to the latest version.
Original NVD description (English source)
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

