PatchSiren cyber security CVE debrief
CVE-2026-41154 Imagination Technologies CVE debrief
Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access. This vulnerability affects users of GPU drivers from Imagination Technologies, potentially allowing unauthorized access to sensitive kernel memory.
- Vendor
- Imagination Technologies
- Product
- Graphics DDK
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of GPU drivers from Imagination Technologies may be affected by this vulnerability. System administrators and security teams responsible for managing and securing systems that utilize these GPU drivers should assess their exposure and take necessary precautions.
Technical summary
The vulnerability occurs in the page freeing logic of the sparse memory implementation within the GPU driver from Imagination Technologies. When indexing pages larger than 4kB, incorrect buffer indexing leads to out-of-bounds (OOB) access. This could allow software installed and run as a non-privileged user to cause OOB kernel memory reads or writes through GPU API calls. The affected product is the GPU driver from Imagination Technologies, which may be used in various systems. Users of these GPU drivers should assess their exposure and take necessary precautions to prevent unauthorized access to sensitive kernel memory. To verify, defenders should check Imagination Technologies' official website for GPU driver updates and assess the potential impact on their systems. They should also review system logs for suspicious GPU API activity.
Defensive priority
High priority for users of affected GPU drivers
Recommended defensive actions
- Inventory and assess GPU driver installations for potential exposure
- Apply vendor patches or updates when available
- Monitor system logs for suspicious GPU API activity
- Consider compensating controls such as memory protection mechanisms
- Review and update asset inventory to track affected systems
- Implement monitoring and detection mechanisms for exposed assets
- Track exceptions and retest remediated assets
Evidence notes
Evidence is limited. The CVE record and NVD entry provide basic information about the vulnerability. Additional details may be available from Imagination Technologies' website. To verify, defenders should check Imagination Technologies' official website for GPU driver updates and assess the potential impact on their systems. They should also review system logs for suspicious GPU API activity.
Official resources
-
CVE-2026-41154 CVE record
CVE.org
-
CVE-2026-41154 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
367425dc-4d06-4041-9650-c2dc6aaa27ce
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T21:16:54.410Z and has not been modified since then.