CVE-2026-41158
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
Software running as a non-privileged user may conduct GPU system calls, allowing writes to arbitrary freed physical pages. This can lead to unauthorized access to memory.
Risk Assessment
The organization may be exposed to attacks that exploit this vulnerability to manipulate memory, potentially leading to data leaks or system instability.
Recommendation
It is recommended to restrict access to software that can perform GPU calls and to monitor and update systems to mitigate this vulnerability.
Original NVD description (English source)
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.

