GPU DDK – Backed sparse PMRs are not handled by...

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.

Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.

Basic Information

ID CVE-2026-41158

Source imaginationtech

Published Jun 12, 2026 at 21:57

Modified Jun 15, 2026 at 19:26

Affected Product

Vendor Imagination Technologies

Product Graphics DDK

Version 1.18 RTM

Affected Versions Imagination Technologies Graphics DDK 25.1 RTM
Imagination Technologies Graphics DDK 26.1 RTM

CWE Classification

CWE-416

References

www.imaginationtech.com /gpu-driver-vulnerabilities/

{
    "lastseen": "",
    "description": "Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.\n\n\n\nPhysical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.",
    "published": "2026-06-12T21:57:29.607Z",
    "modified": "2026-06-15T19:26:18.813Z",
    "type": "cve",
    "title": "GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink",
    "source": "imaginationtech",
    "references": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/",
    "id": "CVE-2026-41158",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "Imagination Technologies Graphics DDK 25.1 RTM\nImagination Technologies Graphics DDK 26.1 RTM",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Graphics DDK",
    "version": "1.18 RTM",
    "vendor": "Imagination Technologies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

GPU DDK – Backed sparse PMRs are not handled by deferred free mechanism after shrink_CVE-2026-41158