GPU DDK - OOB Write in CalculateNPOTTwiddleSparsePageMap3D
CVE-2026-41157

Currently unrated

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 12 June 2026

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2026-41157?

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash.

The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.

Affected Version(s)

Graphics DDK Linux 1.18 RTM

Graphics DDK Linux 23.2 RTM

Graphics DDK Linux 24.2 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
Apr 17, 2026

CVE-2026-41157 Data

JSON