CVE-2025-0468 (GCVE-0-2025-0468)
Vulnerability from cvelistv5
Published
2025-04-04 15:39
Modified
2025-04-07 14:48
Severity ?
EPSS score ?
Summary
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Imagination Technologies | Graphics DDK |
Version: 1.15 RTM < Patch: 25.1 RTM |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2025-0468", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-07T14:47:23.907010Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-07T14:48:05.895Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", platforms: [ "Linux", "Android", ], product: "Graphics DDK", vendor: "Imagination Technologies", versions: [ { lessThanOrEqual: "24.3 RTM", status: "affected", version: "1.15 RTM", versionType: "custom", }, { status: "unaffected", version: "25.1 RTM", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.</p><p>Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.</p>", }, ], value: "Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.\n\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.", }, ], impacts: [ { capecId: "CAPEC-679", descriptions: [ { lang: "en", value: "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-280", description: "CWE-280: Improper Handling of Insufficient Permissions or Privileges", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-04T15:39:37.798Z", orgId: "367425dc-4d06-4041-9650-c2dc6aaa27ce", shortName: "imaginationtech", }, references: [ { url: "https://www.imaginationtech.com/gpu-driver-vulnerabilities/", }, ], source: { discovery: "UNKNOWN", }, title: "GPU DDK - ui64RobustnessAddress can overwrite Freelist / HWRT (and bypass PMMETA)", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "367425dc-4d06-4041-9650-c2dc6aaa27ce", assignerShortName: "imaginationtech", cveId: "CVE-2025-0468", datePublished: "2025-04-04T15:39:37.798Z", dateReserved: "2025-01-14T09:32:36.718Z", dateUpdated: "2025-04-07T14:48:05.895Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2025-0468\",\"sourceIdentifier\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"published\":\"2025-04-04T16:15:17.873\",\"lastModified\":\"2025-04-07T15:15:42.223\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.\\n\\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.\"},{\"lang\":\"es\",\"value\":\"El software instalado y ejecutado por un usuario sin privilegios puede realizar llamadas indebidas al sistema de la GPU para alterar el hardware de la GPU y escribir en páginas arbitrarias de memoria física. En ciertas circunstancias, este exploit podría utilizarse para corromper páginas de datos no asignadas por el controlador de la GPU, sino páginas de memoria utilizadas por el kernel y los controladores de la plataforma, alterando así su comportamiento.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-280\"}]}],\"references\":[{\"url\":\"https://www.imaginationtech.com/gpu-driver-vulnerabilities/\",\"source\":\"367425dc-4d06-4041-9650-c2dc6aaa27ce\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0468\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-07T14:47:23.907010Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-07T14:48:00.663Z\"}}], \"cna\": {\"title\": \"GPU DDK - ui64RobustnessAddress can overwrite Freelist / HWRT (and bypass PMMETA)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-679\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections\"}]}], \"affected\": [{\"vendor\": \"Imagination Technologies\", \"product\": \"Graphics DDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.15 RTM\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"24.3 RTM\"}, {\"status\": \"unaffected\", \"version\": \"25.1 RTM\", \"versionType\": \"custom\"}], \"platforms\": [\"Linux\", \"Android\"], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://www.imaginationtech.com/gpu-driver-vulnerabilities/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.\\n\\nUnder certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<p>Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.</p><p>Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.</p>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-280\", \"description\": \"CWE-280: Improper Handling of Insufficient Permissions or Privileges\"}]}], \"providerMetadata\": {\"orgId\": \"367425dc-4d06-4041-9650-c2dc6aaa27ce\", \"shortName\": \"imaginationtech\", \"dateUpdated\": \"2025-04-04T15:39:37.798Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2025-0468\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-07T14:48:05.895Z\", \"dateReserved\": \"2025-01-14T09:32:36.718Z\", \"assignerOrgId\": \"367425dc-4d06-4041-9650-c2dc6aaa27ce\", \"datePublished\": \"2025-04-04T15:39:37.798Z\", \"assignerShortName\": \"imaginationtech\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.