Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.
History

Wed, 24 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Imaginationtech
Imaginationtech graphics Ddk
Vendors & Products Imaginationtech
Imaginationtech graphics Ddk

Mon, 22 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 19 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Description Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.
Title GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference
Weaknesses CWE-416
References

cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2026-06-19T09:28:53.868Z

Updated: 2026-06-22T18:23:23.917Z

Reserved: 2026-04-17T16:26:03.731Z

Link: CVE-2026-41156

cve-icon Vulnrichment

Updated: 2026-06-22T18:22:42.493Z

cve-icon NVD

No data.

cve-icon Redhat

No data.