Description
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recovery.



Sharing secure memory allocations among various GPU secure processes allows an attacker to corrupt shared resource affecting other users.
Published: 2026-06-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from the Imagination Technologies Graphics DDK mapping shared secure memory allocations into the virtual address space of all GPU processes. This allows a malicious actor to move sensitive data from one isolated GPU process to another or to corrupt shared resources, leading to image corruption and the need for hardware recovery. The weakness is classified as CWE‑653, an insecure resource allocation. Based on the description, it is inferred that the attacker must be able to create or control secure GPU processes to exploit the memory sharing feature.

Affected Systems

Imagination Technologies Graphics DDK is affected. No specific version information is provided, so all installations of the driver should be considered potentially vulnerable.

Risk and Exploitability

The exploit requires the attacker to have control over a secure GPU process or to be able to create such processes in order to request the shared secure memory allocation. The CVSS score of 5.5 indicates a moderate impact, while the EPSS score of less than 1 % suggests a low probability of public exploitation. Because the vulnerability is not listed in the CISA KEV catalog, there is no evidence of widespread exploitation. Nonetheless, local or privileged access to the GPU driver is likely needed, implying that a system with elevated GPU privileges is the primary target.

Generated by OpenCVE AI on June 18, 2026 at 01:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Imagination Technologies Graphics DDK to a version that fixes the insecure shared secure memory mapping.
  • Reconfigure the kernel module or GPU security policy to disallow shared secure memory allocations among independent GPU processes where feasible.
  • Enforce strict access controls on GPU process creation and monitor for anomalous shared memory usage by auditing or logging GPU performance counters.

Generated by OpenCVE AI on June 18, 2026 at 01:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Imaginationtech
Imaginationtech graphics Ddk
Vendors & Products Imaginationtech
Imaginationtech graphics Ddk

Fri, 12 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recovery. Sharing secure memory allocations among various GPU secure processes allows an attacker to corrupt shared resource affecting other users.
Title GPU DDK - SharedSecMem mapped into all GPU virtual address spaces
Weaknesses CWE-653
References

Subscriptions

Imaginationtech Graphics Ddk
cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2026-06-15T19:27:04.791Z

Reserved: 2026-04-17T16:26:03.731Z

Link: CVE-2026-41155

cve-icon Vulnrichment

Updated: 2026-06-15T18:50:22.891Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T22:16:50.463

Modified: 2026-06-16T15:40:10.107

Link: CVE-2026-41155

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T02:00:05Z

Weaknesses
  • CWE-653

    Improper Isolation or Compartmentalization