GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink
CVE-2026-41158

Currently unrated

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 12 June 2026

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2026-41158?

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.

Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.

Affected Version(s)

Graphics DDK Linux 25.1 RTM <= 25.3 RTM

Graphics DDK Linux 26.1 RTM

Graphics DDK Linux 1.18 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
Apr 17, 2026

CVE-2026-41158 Data

JSON