CVE 9.8 CRITICAL

GPU DDK – OOB Write in CalculateNPOTTwiddleSparsePageMap3D_CVE-2026-41157

June 15, 2026 invoker category_cve
9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash.



The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

AI Analysis

Out-of-bound write in the GPU user-space driver due to integer overflow, leading to memory corruption and possible process crash.

Basic Information

ID CVE-2026-41157
Source imaginationtech
Published Jun 12, 2026 at 21:53
Modified Jun 15, 2026 at 15:14

Affected Product

Vendor Imagination Technologies
Product Graphics DDK
Version 1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM, 26.1 RTM
Affected Versions Imagination Technologies Graphics DDK 1.18 RTM
Imagination Technologies Graphics DDK 23.2 RTM
Imagination Technologies Graphics DDK 24.2 RTM
Imagination Technologies Graphics DDK 25.1 RTM
Imagination Technologies Graphics DDK 26.1 RTM

CWE Classification

CWE-787

AI Assessment

AI Score 9.8 / 10
AI Severity Critical
Vendor Imagination Technologies
Product Graphics DDK
Version 1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM, 26.1 RTM

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.