CVE-2025-58409
BaseFortify
Publication date: 2026-01-13
Last updated on: 2026-01-14
Assigner: imaginationtech
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| imagination_technologies | gpu_driver_development_kit | to 24.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves software running as a non-privileged user making improper GPU system calls that subvert the GPU hardware to write to arbitrary physical memory pages. Under certain conditions, this exploit can corrupt memory pages used by the kernel and drivers, altering their behavior. Essentially, it allows unauthorized write operations to restricted GPU buffers and arbitrary physical memory, potentially compromising system stability and security. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized memory writes by non-privileged users, causing corruption of kernel and driver memory pages. This can result in altered system behavior, kernel crashes, platform instability, and potential escalation of privileges or unauthorized access to sensitive memory areas. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for improper GPU system calls and unusual GPU firmware behavior, such as unexpected kernel crashes, GPU instability, or abnormal memory access patterns. Specific commands are not provided in the resources, but monitoring kernel logs for GPU-related errors and using GPU driver diagnostic tools to check for firmware crashes or memory corruption may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Imagination Technologies GPU Driver Development Kit (DDK) firmware and kernel modules to the latest versions that include protections against out-of-bounds accesses, use-after-free conditions, improper GPU system calls, kernel information leaks, and kernel heap corruptions. Additionally, restrict GPU system call usage to trusted users and processes, and apply improved error handling and input validation as provided by the vendor updates. [1]