Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-16613 Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Jul 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Imaginationtech
Imaginationtech ddk
CPEs cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*
Vendors & Products Imaginationtech
Imaginationtech ddk

Mon, 02 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Jun 2025 04:30:00 +0000

Type Values Removed Values Added
Description Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Title GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory
Weaknesses CWE-280
References

cve-icon MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published:

Updated: 2025-06-02T14:13:18.466Z

Reserved: 2025-02-03T18:12:50.622Z

Link: CVE-2025-25179

cve-icon Vulnrichment

Updated: 2025-06-02T14:12:49.725Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-02T05:15:20.160

Modified: 2025-07-11T16:29:31.430

Link: CVE-2025-25179

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.