CVE-2025-58410

Summary

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only.

This is caused by improper handling of the memory protections for the buffer resource.

Affected Software

VendorProductVersion RangeStatus
Imagination TechnologiesGraphics DDK1.15 RTMunaffected
Imagination TechnologiesGraphics DDK1.17 RTMunaffected
Imagination TechnologiesGraphics DDK1.18 RTMunaffected
Imagination TechnologiesGraphics DDK23.2 RTMunaffected
Imagination TechnologiesGraphics DDK23.3 RTM <= 25.1 RTM2affected
Imagination TechnologiesGraphics DDK25.2 RTMaffected

Weaknesses

  • CWE-280: CWE - CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.18)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References