CVE-2025-25177 - Vulnerability Details - OpenCVE

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Imaginationtech	Graphics Ddk

No data.

No data.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Tue, 23 Sep 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Imaginationtech Imaginationtech graphics Ddk
Vendors & Products		Imaginationtech Imaginationtech graphics Ddk

Mon, 22 Sep 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 22 Sep 2025 10:15:00 +0000

Type	Values Removed	Values Added
Description		Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Title		GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF
Weaknesses		CWE-416
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2025-09-22T10:02:55.722Z

Updated: 2025-09-22T14:12:26.721Z

Reserved: 2025-02-03T18:12:50.622Z

Link: CVE-2025-25177

Vulnrichment

Updated: 2025-09-22T14:11:57.037Z

NVD

Status : Awaiting Analysis

Published: 2025-09-22T10:15:36.787

Modified: 2025-09-22T21:22:33.590

Link: CVE-2025-25177

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25177", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2025-02-03T18:12:50.622Z", "datePublished": "2025-09-22T10:02:55.722Z", "dateUpdated": "2025-09-22T14:12:26.721Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Linux", "Android"], "product": "Graphics DDK", "vendor": "Imagination Technologies", "versions": [{"lessThanOrEqual": "23.3 RTM", "status": "unaffected", "version": "1.15 RTM", "versionType": "custom"}, {"lessThanOrEqual": "25.1 RTM2", "status": "affected", "version": "24.1 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "25.2 RTM", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.<br>"}], "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions."}], "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC - CAPEC-124: Shared Resource Manipulation (Version 3.9)"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE - CWE-416: Use After Free (4.17)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-09-22T10:02:55.722Z"}, "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "title": "GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-22T14:12:02.948520Z", "id": "CVE-2025-25177", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-22T14:12:26.721Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-25177", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-22T14:12:02.948520Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-22T14:11:57.037Z"}}], "cna": {"title": "GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC - CAPEC-124: Shared Resource Manipulation (Version 3.9)"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "unaffected", "version": "1.15 RTM", "versionType": "custom", "lessThanOrEqual": "23.3 RTM"}, {"status": "affected", "version": "24.1 RTM", "versionType": "custom", "lessThanOrEqual": "25.1 RTM2"}, {"status": "unaffected", "version": "25.2 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.", "supportingMedia": [{"type": "text/html", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE - CWE-416: Use After Free (4.17)"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-09-22T10:02:55.722Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25177", "state": "PUBLISHED", "dateUpdated": "2025-09-22T14:12:26.721Z", "dateReserved": "2025-02-03T18:12:50.622Z", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "datePublished": "2025-09-22T10:02:55.722Z", "assignerShortName": "imaginationtech"}, "dataVersion": "5.1"}