The GPU driver for Imagination Technologies contains an insufficient permission check in the PhysmemWrapExtMem function that allows any non‑privileged user to perform GPU system calls with write attribute support enabled. This flaw permits the attacker to gain write access to memory that should be read‑only, effectively bypassing the driver’s memory protection safeguards. The vulnerability represents an Improper Access Control issue (CWE‑280) and can be used to modify memory used by other processes, allowing local privilege escalation or unauthorized data manipulation.

Systems that run Imagination Technologies Graphics DDK version 25.1—including the RTM2 runtime—are affected when the driver is compiled or configured with write attribute support enabled. Any host that installs this DDK and allows non‑privileged users to issue GPU commands may be impacted; no other products or vendors are listed in the available data.

The CVSS base score of 4.4 indicates a moderate severity, while the EPSS score below 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog, and public exploits are not documented. Exploitation would require a local user with the ability to run GPU workloads, making the attack vector local. Given these conditions, the overall risk is moderate, but can be mitigated by applying vendor patches or disabling the write attribute feature.