CVE-2026-41155

Vulnerability

The vulnerability resides in the Imagination Technologies GPU driver kernel module. Secure GPU processes are allowed to share secure memory allocations, enabling an attacker to either pass data from one secure process to another or corrupt shared resources. The affected driver versions have not been disclosed in the available references [1].

Exploitation

An attacker with the ability to execute code on the system, potentially as a non-privileged user, can allocate and manipulate shared secure memory. By doing so, the attacker can either cooperatively transmit data to another secure GPU process or disrupt its operation, leading to image corruption or forcing GPU hardware recovery.

Impact

Successful exploitation allows an attacker to obtain sensitive data from another secure GPU process, resulting in information disclosure. Alternatively, the attacker can cause denial of service through persistent image corruption or by triggering GPU hardware recovery that impacts system availability.

Mitigation

No patch has been announced in the available references [1] as of the publication date of this CVE. Users should monitor Imagination Technologies' security advisories for future updates.