CVE-2025-58409
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-13

Last updated on: 2026-01-14

Assigner: imaginationtech

Description
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-14
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-58409
EUVD
EUVD-2026-2233
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
imagination_technologies gpu_driver_development_kit to 24.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves software running as a non-privileged user making improper GPU system calls that subvert the GPU hardware to write to arbitrary physical memory pages. Under certain conditions, this exploit can corrupt memory pages used by the kernel and drivers, altering their behavior. Essentially, it allows unauthorized write operations to restricted GPU buffers and arbitrary physical memory, potentially compromising system stability and security. [1]

Impact Analysis

The vulnerability can lead to unauthorized memory writes by non-privileged users, causing corruption of kernel and driver memory pages. This can result in altered system behavior, kernel crashes, platform instability, and potential escalation of privileges or unauthorized access to sensitive memory areas. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for improper GPU system calls and unusual GPU firmware behavior, such as unexpected kernel crashes, GPU instability, or abnormal memory access patterns. Specific commands are not provided in the resources, but monitoring kernel logs for GPU-related errors and using GPU driver diagnostic tools to check for firmware crashes or memory corruption may help identify exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include updating the Imagination Technologies GPU Driver Development Kit (DDK) firmware and kernel modules to the latest versions that include protections against out-of-bounds accesses, use-after-free conditions, improper GPU system calls, kernel information leaks, and kernel heap corruptions. Additionally, restrict GPU system call usage to trusted users and processes, and apply improved error handling and input validation as provided by the vendor updates. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58409. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart