CVE-2026-41157

CVE-2026-41157: GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D

Vendor Imagination Technologies
Product Graphics DDK
Weakness CWE-787
Published June 12, 2026
Last update June 16, 2026

CVSS base score

What the vulnerability does

01Description

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 16, 2026 Record updated