CVE-2026-41158

CVE-2026-41158: GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Vendor Imagination Technologies
Product Graphics DDK
Weakness CWE-416
Published June 12, 2026
Last update June 15, 2026

CVSS base score

What the vulnerability does

01Description

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 15, 2026 Record updated