CVE-2026-41156

{"id": "CVE-2026-41156", "cveTags": [], "metrics": {}, "affected": [{"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "affectedData": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "24.2 RTM", "versionType": "custom"}, {"status": "affected", "version": "25.1 RTM", "versionType": "custom", "lessThanOrEqual": "25.3 RTM"}, {"status": "affected", "version": "26.1 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "26.2 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}]}], "published": "2026-06-19T10:16:11.317", "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario.\n\n\n\nA shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it."}], "lastModified": "2026-06-19T10:16:11.317", "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}