CVE-2026-41156

Summary

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario.

A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTMaffected
Imagination TechnologiesGraphics DDK23.2 RTMaffected
Imagination TechnologiesGraphics DDK24.2 RTMaffected
Imagination TechnologiesGraphics DDK25.1 RTM <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTMaffected
Imagination TechnologiesGraphics DDK26.2 RTMunaffected

Weaknesses

  • CWE-416: CWE-416: Use After Free (4.15)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References