Description
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recovery.



Sharing secure memory allocations among various GPU secure processes allows an attacker to corrupt shared resource affecting other users.
Published: 2026-06-12
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a malicious actor to manipulate secure memory allocations within the Imagination Technologies GPU kernel module, enabling data to be moved between isolated GPU processes or causing image corruption. This results in both confidentiality exposure of sensitive payloads processed by secure GPU applications and integrity/availability issues for those processes. The weakness is a type of insecure resource allocation identified as CWE-653.

Affected Systems

Imagination Technologies Graphics DDK is affected. No specific version information is provided, so all installations of the driver should be considered potentially vulnerable.

Risk and Exploitability

The exploit requires control over secure GPU processes or the ability to create such processes and invoke shared secure memory allocations. While no exploit score or KEV status is listed, the absence of an EPSS score suggests limited public exploitation data. Nevertheless, an attacker with local or privileged GPU access could potentially leak data or disrupt other secure GPU workloads, warranting proactive mitigation.

Generated by OpenCVE AI on June 12, 2026 at 23:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Imagination Technologies Graphics DDK to a version that fixes the insecure shared secure memory mapping.
  • Reconfigure the kernel module or GPU security policy to disallow shared secure memory allocations among independent GPU processes where feasible.
  • Enforce strict access controls on GPU process creation and monitor for anomalous shared memory usage by auditing or logging GPU performance counters.

Generated by OpenCVE AI on June 12, 2026 at 23:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recovery. Sharing secure memory allocations among various GPU secure processes allows an attacker to corrupt shared resource affecting other users.
Title GPU DDK - SharedSecMem mapped into all GPU virtual address spaces
Weaknesses CWE-653
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-06-12T21:48:56.570Z

Reserved: 2026-04-17T16:26:03.731Z

Link: CVE-2026-41155

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-12T22:16:50.463

Modified: 2026-06-12T22:16:50.463

Link: CVE-2026-41155

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T23:30:08Z

Weaknesses
  • CWE-653

    Improper Isolation or Compartmentalization