CVE-2025-58409

EPSS 0.02%
Veröffentlicht 13.01.2026 16:37:46
Zuletzt bearbeitet 30.01.2026 18:39:02
Quelle 367425dc-4d06-4041-9650-c2dc6a
CVE-Watchlists
Login
Unerledigt
Login

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.

Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.

This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Imaginationtech ≫ Ddk Version < 25.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.037

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	3.5	0.9	2.5	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-58409

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-58409

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-58409

EUVD