CVE-2025-58410

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.imaginationtech.com/gpu-driver-vulnerabilities/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:imaginationtech:ddk:23.3:rtm::::::
	cpe:2.3:a:imaginationtech:ddk:24.1:-::::::
	cpe:2.3:a:imaginationtech:ddk:24.2:-::::::
	cpe:2.3:a:imaginationtech:ddk:24.2:rtm1::::::
	cpe:2.3:a:imaginationtech:ddk:24.2:rtm2::::::
	cpe:2.3:a:imaginationtech:ddk:24.3:-::::::
	cpe:2.3:a:imaginationtech:ddk:25.1:-::::::
	cpe:2.3:a:imaginationtech:ddk:25.2:-::::::
	cpe:2.3:a:imaginationtech:ddk:25.2:rtm::::::

History

No history.

Information

Published : 2025-11-17 17:15

Updated : 2026-01-12 15:14

NVD link : CVE-2025-58410

Mitre link : CVE-2025-58410

CVE.ORG link : CVE-2025-58410

JSON object : View

Products Affected

imaginationtech

ddk

CWE

CWE-280

Improper Handling of Insufficient Permissions or Privileges

{"id": "CVE-2025-58410", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-11-17T17:15:48.880", "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", "tags": ["Vendor Advisory"], "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "description": [{"lang": "en", "value": "CWE-280"}]}], "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only.\n\nThis is caused by improper handling of the memory protections for the buffer resource."}], "lastModified": "2026-01-12T15:14:01.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:imaginationtech:ddk:23.3:rtm:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBB46CFB-7819-4225-AD3E-EB13F7E61444"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:24.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB68E2A0-27F5-42E4-8240-DBDB1C43BEA1"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:24.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F79525E7-FAC1-40D0-BD11-D0BA905E72A6"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:24.2:rtm1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9428B407-244E-4123-B47B-050F0D6C8712"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:24.2:rtm2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7DB1A5B-11BE-48D4-9EF9-001EB3575F40"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:24.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "662F2758-3CFA-4571-8C97-65E706DD8758"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:25.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27FDCFEF-64B2-4CE6-A22A-B87A827E288F"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:25.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29AB05F8-8045-4857-8905-3DDF94C841B7"}, {"criteria": "cpe:2.3:a:imaginationtech:ddk:25.2:rtm:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BACA4D29-2B32-46BC-9427-70368ADB9A40"}], "operator": "OR"}]}], "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce"}