Vulnerability-Lookup

GHSA-2275-6765-H9PG

Vulnerability from github – Published: 2026-01-24 03:30 – Updated: 2026-01-24 03:30

Details

The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-13952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-24T03:16:00Z",
    "severity": null
  },
  "details": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\nThe shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.",
  "id": "GHSA-2275-6765-h9pg",
  "modified": "2026-01-24T03:30:54Z",
  "published": "2026-01-24T03:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13952"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-13952 (GCVE-0-2025-13952)

Vulnerability from cvelistv5 – Published: 2026-01-24 02:26 – Updated: 2026-01-24 02:26

Title

GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP

Summary

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Severity ?

No CVSS data available.

CWE

CWE-416 - CWE - CWE-416: Use After Free (4.18)

Assigner

imaginationtech

References

URL

Tags

https://www.imaginationtech.com/gpu-driver-vulner…

Impacted products

	Vendor	Product	Version
	Imagination Technologies	Graphics DDK	Unaffected: 1.17 RTM (custom) Unaffected: 1.18 RTM (custom) Unaffected: 23.2 RTM (custom) Unaffected: 24.1 RTM , ≤ 24.2 RTM (custom) Affected: 25.1 RTM , ≤ 25.2 RTM (custom) Unaffected: 25.3 RTM (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.17 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.18 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "23.2 RTM",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "24.2 RTM",
              "status": "unaffected",
              "version": "24.1 RTM",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "25.2 RTM",
              "status": "affected",
              "version": "25.1 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "25.3 RTM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\u003cbr\u003e\u003cbr\u003eThe shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.\u003cbr\u003e"
            }
          ],
          "value": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\nThe shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-129",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC - CAPEC-129: Pointer Manipulation (Version 3.9)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE - CWE-416: Use After Free (4.18)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-24T02:26:49.238Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2025-13952",
    "datePublished": "2026-01-24T02:26:49.238Z",
    "dateReserved": "2025-12-03T11:48:53.858Z",
    "dateUpdated": "2026-01-24T02:26:49.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-2275-6765-H9PG

CVE-2025-13952 (GCVE-0-2025-13952)

Tags

Sightings

Nomenclature