CVE-2025-46707
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-10-21
Assigner: imaginationtech
Description
Description
Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| imaginationtech | ddk | From 23.2 (inc) to 24.1 (exc) |
| imaginationtech | ddk | 1.15 |
| imaginationtech | ddk | 1.17 |
| imaginationtech | ddk | 1.18 |
| android | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows software running inside a Guest Virtual Machine (VM) to override the firmware's state and gain unauthorized access to the GPU.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain unauthorized access to the GPU, potentially leading to data leakage, unauthorized operations, or compromise of the virtualized environment's integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70