CVE-2026-34193: GPU Firmware Memory Corruption in Virtualized Environments
CVE-2026-34193 describes a logic error in GPU memory address translation that allows a compromised kernel running inside a virtual machine to send malformed commands to the GPU firmware, causing it to write data to unintended locations in firmware memory. The vulnerability requires local access and an already-compromised kernel to exploit, but once triggered, it can corrupt GPU firmware state without authorization.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 4.3 MEDIUM · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Weaknesses (CWE)
- CWE-823
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-01 / 2026-06-17
NVD description (verbatim)
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host (Kernel) to perform arbitrary writes to firmware memory.
1 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
This vulnerability stems from improper address translation logic in GPU firmware handling. When a compromised host kernel posts commands to the GPU, insufficient validation of memory addresses permits writes outside the intended GPU memory region. The flaw is classified as a logic error (CWE-823: Improper Resource Validation) rather than a simple bounds-check failure. An attacker with kernel-level code execution can craft GPU commands that leverage this translation weakness to overwrite firmware memory, potentially affecting GPU stability, security properties, or inter-VM isolation depending on what firmware structures are corrupted.
Business impact
Exploitation could degrade GPU reliability, corrupt GPU firmware state, or potentially create side-channel conditions between guest VMs sharing the same physical GPU. In virtualized infrastructure (cloud providers, multi-tenant datacenters), this compounds the risk if an attacker already controls a guest kernel. The integrity impact is contained to GPU firmware and data rather than CPU memory, but firmware corruption can cascade into denial-of-service or unpredictable device behavior affecting workload availability.
Affected systems
Systems running virtualized workloads with GPUs are potentially affected. The vulnerability requires kernel-level compromise within a guest or host, limiting the practical attack surface. Environments where GPU sharing across VMs is enabled are at higher risk. No specific vendor or product list was disclosed in the initial advisory, so organizations should check with their GPU and hypervisor vendors for affected versions and guidance.
Exploitability
Exploitation requires pre-existing kernel-level code execution (CWE-823 involves improper resource validation after trust boundary crossing), making this a post-compromise vector rather than a remote or unauthenticated attack. The CVSS 3.1 score of 4.3 (MEDIUM) reflects low attack complexity and no authentication requirement once local kernel access is achieved, but the attack vector is local-only and integrity impact is limited. This is not an actively exploited vulnerability in the wild according to KEV data.
Remediation
Monitor GPU firmware vendor advisories and hypervisor vendors for patches addressing address translation validation. Firmware updates that enforce stricter bounds-checking and state validation on GPU commands are the expected fix. Until patched, restrict GPU sharing across untrusted VMs and apply kernel hardening (SELinux, AppArmor) to reduce the likelihood of kernel compromise that would be a prerequisite for exploitation.
Patch guidance
Contact your GPU and hypervisor vendors directly for availability of firmware and software patches. Patches will likely include improved address validation in the GPU command processing path and may require firmware updates to the GPU itself. Test patches in non-production GPU virtualization environments first, as GPU firmware updates can affect performance or require VM restart. Verify patch version numbers against vendor security advisories before deployment.
Detection guidance
GPU firmware logs and hypervisor audit trails are the primary detection vectors. Look for anomalous GPU memory writes from guest kernels, unexpected GPU command failures, or GPU firmware state corruption alerts. Most hypervisors and GPU platforms provide firmware integrity checks; enable and monitor these. Host-based kernel integrity monitoring (e.g., IMA on Linux) can detect kernel compromise that would precede exploitation. Network-based detection is impractical given the local nature of the attack.
Why prioritize this
While the CVSS score is MEDIUM (4.3), the practical risk depends on your virtualization architecture. Organizations running multi-tenant GPU clouds or shared GPU environments should prioritize this higher, as kernel compromise in one guest could affect GPU reliability for others. Single-tenant or air-gapped GPU systems face lower risk. The lack of remote exploitability and the requirement for prior kernel access mean this should be addressed after critical remote vulnerabilities but ahead of low-impact local flaws.
Risk score, explained
CVSS 3.1 score of 4.3 reflects: Attack Vector: Adjacent (local network or VM-to-hypervisor), Attack Complexity: Low, Privileges Required: None (once kernel access is achieved), User Interaction: None, Scope: Unchanged, Confidentiality: None, Integrity: Low (GPU firmware corruption), Availability: None. The score is muted because the attack vector is local and requires kernel-level compromise as a prerequisite, but it is not negligible because GPU sharing and virtualization are common in production infrastructure.
Frequently asked questions
If we don't use GPU virtualization or GPU sharing, are we affected?
GPU virtualization is the primary concern. If your VMs do not have GPU access or if GPUs are not shared across VMs, this vulnerability has minimal relevance. However, review your infrastructure to confirm; some organizations enable GPU access implicitly via certain hypervisor configurations.
Does this require physical access to the host machine?
No. Exploitation requires kernel-level code execution, which can be achieved through a remote exploit chain targeting the kernel or a guest application with kernel privileges. This vulnerability is not itself remote, but it may be part of a larger attack chain in a compromised environment.
Will standard kernel patches fix this, or do we need GPU firmware updates?
Both may be required. GPU firmware needs address validation improvements, and the hypervisor or GPU driver software may also need updates to enforce stricter command validation. Coordinate with your GPU vendor and hypervisor vendor on patch sequencing.
How does this compare to GPU speculative execution vulnerabilities?
This is a direct memory corruption flaw, not a side-channel. It results in actual unauthorized writes to GPU firmware rather than information disclosure. The risk profile is different and depends heavily on your GPU sharing model and the likelihood of kernel compromise in your environment.
This analysis is based on publicly available vulnerability data as of the publication date. Vendor product information was not included in the official CVE record; organizations should cross-reference this vulnerability against their specific GPU, hypervisor, and driver versions using vendor security advisories. CVSS scores represent baseline technical severity and do not account for organizational context, threat landscape, or compensating controls. No exploit code or proof-of-concept details are provided herein. This information is for defensive and risk-management purposes only. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25384MEDIUMStored XSS in Wikidforum 2.20 Allows Authenticated Attackers to Inject Malicious Scripts
- CVE-2018-25387MEDIUMHaPe PKH 1.1 Cross-Site Request Forgery (CSRF) Admin Password Reset
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25397MEDIUMCSRF Vulnerability in PHP-SHOP 1.0 – Admin Account Injection
- CVE-2018-25421MEDIUMOpen STA Manager 2.3 Path Traversal File Download Vulnerability
- CVE-2018-25423MEDIUMBuffer Overflow Denial of Service in Arm Whois 3.11
- CVE-2018-25435MEDIUMZeusCart 4.0 CSRF Vulnerability – Account Deactivation Risk
- CVE-2019-25716MEDIUMDräger Patient Monitor Denial-of-Service Vulnerability