CVE-2026-41156 | Software installed and run as a non-privileged user may cond…

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.

Metadata

CVE ID: CVE-2026-41156
State: PUBLISHED
Assigner: imaginationtech
Reserved: 2026-04-17 16:26 UTC
Published: 2026-06-19 09:28 UTC
Last updated: 2026-06-19 09:28 UTC
Primary CWE: CWE-416
CWE-416: Use After Free (4.15)
Vendor / Product: Imagination Technologies / Graphics DDK
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Imagination Technologies	Graphics DDK	Linux,Android	1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM ≤ 25.3 RTM …

Weakness (CWE)

CWE	Source	Description
CWE-416	cna	CWE-416: Use After Free (4.15)

References (1)

https://www.imaginationtech.com/gpu-driver-vulnerabilities/