{"api_version":"1","generated_at":"2026-06-14T01:19:48+00:00","cve":"CVE-2026-41158","urls":{"html":"https://cve.report/CVE-2026-41158","api":"https://cve.report/api/cve/CVE-2026-41158.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-41158","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-41158"},"summary":{"title":"GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink","description":"Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.\n\n\n\nPhysical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.","state":"PUBLISHED","assigner":"imaginationtech","published_at":"2026-06-12 22:16:50","updated_at":"2026-06-12 22:16:50"},"problem_types":["CWE-416","CWE-416 CWE-416: Use After Free"],"metrics":[],"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","name":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/","refsource":"367425dc-4d06-4041-9650-c2dc6aaa27ce","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-41158","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41158","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"unaffected 1.18 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"unaffected 23.2 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"unaffected 24.2 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"affected 25.1 RTM 25.3 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"affected 26.1 RTM custom","platforms":["Linux","Android"]},{"source":"CNA","vendor":"Imagination Technologies","product":"Graphics DDK","version":"unaffected 26.2 RTM custom","platforms":["Linux","Android"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"41158","cve":"CVE-2026-41158","epss":"0.000180000","percentile":"0.051940000","score_date":"2026-06-13","updated_at":"2026-06-14 00:08:31"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unknown","platforms":["Linux","Android"],"product":"Graphics DDK","vendor":"Imagination Technologies","versions":[{"status":"unaffected","version":"1.18 RTM","versionType":"custom"},{"status":"unaffected","version":"23.2 RTM","versionType":"custom"},{"status":"unaffected","version":"24.2 RTM","versionType":"custom"},{"lessThanOrEqual":"25.3 RTM","status":"affected","version":"25.1 RTM","versionType":"custom"},{"status":"affected","version":"26.1 RTM","versionType":"custom"},{"status":"unaffected","version":"26.2 RTM","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.\n<br>\n<br>Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.</p>"}],"value":"Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.\n\n\n\nPhysical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource."}],"impacts":[{"capecId":"CAPEC-124","descriptions":[{"lang":"en","value":"CAPEC-124: Shared Resource Manipulation"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416: Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-12T21:57:29.607Z","orgId":"367425dc-4d06-4041-9650-c2dc6aaa27ce","shortName":"imaginationtech"},"references":[{"url":"https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}],"source":{"discovery":"UNKNOWN"},"title":"GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"367425dc-4d06-4041-9650-c2dc6aaa27ce","assignerShortName":"imaginationtech","cveId":"CVE-2026-41158","datePublished":"2026-06-12T21:57:29.607Z","dateReserved":"2026-04-17T16:26:03.731Z","dateUpdated":"2026-06-12T21:57:29.607Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-12 22:16:50","lastModifiedDate":"2026-06-12 22:16:50","problem_types":["CWE-416","CWE-416 CWE-416: Use After Free"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"41158","Ordinal":"1","Title":"GPU DDK - Backed sparse PMRs are not handled by deferred free me","CVE":"CVE-2026-41158","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"41158","Ordinal":"1","NoteData":"Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.\n\n\n\nPhysical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.","Type":"Description","Title":"GPU DDK - Backed sparse PMRs are not handled by deferred free me"}]}}}