GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink
Summary
| CVE | CVE-2026-41158 |
|---|---|
| State | PUBLISHED |
| Assigner | imaginationtech |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-12 22:16:50 UTC |
| Updated | 2026-06-12 22:16:50 UTC |
| Description | Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource. |
Risk And Classification
Problem Types: CWE-416 | CWE-416 CWE-416: Use After Free
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Imagination Technologies | Graphics DDK | unaffected 1.18 RTM custom | Linux, Android |
| CNA | Imagination Technologies | Graphics DDK | unaffected 23.2 RTM custom | Linux, Android |
| CNA | Imagination Technologies | Graphics DDK | unaffected 24.2 RTM custom | Linux, Android |
| CNA | Imagination Technologies | Graphics DDK | affected 25.1 RTM 25.3 RTM custom | Linux, Android |
| CNA | Imagination Technologies | Graphics DDK | affected 26.1 RTM custom | Linux, Android |
| CNA | Imagination Technologies | Graphics DDK | unaffected 26.2 RTM custom | Linux, Android |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.imaginationtech.com/gpu-driver-vulnerabilities | 367425dc-4d06-4041-9650-c2dc6aaa27ce | www.imaginationtech.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.