CVE-2026-41158

Vulnerability

In Imagination Technologies GPU Device Driver Kit (DDK) releases up to and including 25.2 RTM, a vulnerability exists where physical memory allocated and freed without the deferred free mechanism can be reused by the GPU for read/write after the kernel module has freed the resource. A non-privileged user can conduct improper GPU system calls to trigger a write use-after-free condition, allowing writes to arbitrary freed physical pages. [1]

Exploitation

An attacker with local non-privileged access can craft specific GPU system calls that cause the kernel module to prematurely free physical memory while the GPU still holds references. By manipulating the reservation and freelist mechanisms, the attacker can write to freed pages. No additional authentication or user interaction is required beyond the ability to execute GPU commands. [1]

Impact

Successful exploitation allows the attacker to write to arbitrary freed physical pages, potentially corrupting kernel memory or other processes' data. This can lead to privilege escalation, information disclosure, or denial of service. The attacker gains the ability to modify memory that should be protected, compromising system integrity and confidentiality. [1]

Mitigation

Imagination Technologies has addressed this vulnerability in an updated DDK release. Users should update to the latest DDK version provided by their device vendor. No workaround is available. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog as of publication. [1]