CVE-2026-41158

Summary

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.

Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.18 RTMunaffected
Imagination TechnologiesGraphics DDK23.2 RTMunaffected
Imagination TechnologiesGraphics DDK24.2 RTMunaffected
Imagination TechnologiesGraphics DDK25.1 RTM <= 25.3 RTMaffected
Imagination TechnologiesGraphics DDK26.1 RTMaffected
Imagination TechnologiesGraphics DDK26.2 RTMunaffected

Weaknesses

  • CWE-416: CWE-416: Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References