CVE-2026-41154: Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing lo
Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls.
When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-41154
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-41154 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for Software installed and
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownCVE-2026-7639: Software installed and run as a non-privileged user may conduct a sequence of improper GPU syst…nvd · 2026-07-10
- unknownCVE-2026-45203: Kernel software installed and running inside a Host VM may post improper commands to the GPU F…nvd · 2026-07-10
- unknownCVE-2026-45196: Kernel software installed and running inside a Host VM may post improper commands to the GPU F…nvd · 2026-07-10
- unknownCVE-2026-34196: Software installed and run as a non-privileged user may conduct improper GPU system calls to c…nvd · 2026-07-10
- highCVE-2026-57278: GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Clo…nvd · 2026-07-02
- highCVE-2026-57277: GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Clo…nvd · 2026-07-02
More from NVD Recent CVEs
- unknownCVE-2026-57828: The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload t…2026-07-11
- unknownCVE-2026-57827: The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that al…2026-07-11
- highCVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized m…2026-07-11
- highCVE-2026-9282: The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up…2026-07-11
- mediumCVE-2026-9017: The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to autho…2026-07-11