PatchSiren cyber security CVE debrief
CVE-2026-41158 Imagination Technologies CVE debrief
CVE-2026-41158 is a vulnerability that affects GPU system calls. Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. This occurs when physical memory is allocated and freed without the deferred free mechanism, allowing the GPU to use those resources for read/write after the kernel module has freed the resource. The vulnerability is related to CWE-416.
- Vendor
- Imagination Technologies
- Product
- Graphics DDK
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Imagination Technologies' GPU drivers should be aware of this vulnerability. The vendor is identified as Imaginationtech based on the evidence from the CVE record.
Technical summary
The vulnerability allows non-privileged users to conduct GPU system calls that can write to arbitrary freed physical pages. This can happen when physical memory is allocated and freed without using the deferred free mechanism.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates from the vendor as they become available.
- Review and update access controls to limit non-privileged user access to GPU resources.
- Monitor system activity for suspicious GPU-related behavior.
Evidence notes
The CVE record was published on 2026-06-12T22:16:50.693Z and has not been modified since. The vendor is listed as Unknown Vendor, but evidence suggests it may be Imaginationtech.
Official resources
-
CVE-2026-41158 CVE record
CVE.org
-
CVE-2026-41158 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
367425dc-4d06-4041-9650-c2dc6aaa27ce
CVE-2026-41158 was published on 2026-06-12T22:16:50.693Z.