CVE-2025-46711 - Vulnerability Details - OpenCVE

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Imaginationtech	Graphics Ddk

No data.

No data.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Tue, 23 Sep 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Imaginationtech Imaginationtech graphics Ddk
Vendors & Products		Imaginationtech Imaginationtech graphics Ddk

Mon, 22 Sep 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 22 Sep 2025 10:30:00 +0000

Type	Values Removed	Values Added
Description		Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.
Title		GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused
Weaknesses		CWE-476
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2025-09-22T10:21:29.352Z

Updated: 2025-09-22T13:06:14.173Z

Reserved: 2025-04-28T18:57:24.838Z

Link: CVE-2025-46711

Vulnrichment

Updated: 2025-09-22T13:06:10.370Z

NVD

Status : Awaiting Analysis

Published: 2025-09-22T11:15:35.037

Modified: 2025-09-22T21:22:33.590

Link: CVE-2025-46711

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46711", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2025-04-28T18:57:24.838Z", "datePublished": "2025-09-22T10:21:29.352Z", "dateUpdated": "2025-09-22T13:06:14.173Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Linux", "Android"], "product": "Graphics DDK", "vendor": "Imagination Technologies", "versions": [{"status": "unaffected", "version": "1.15 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"lessThanOrEqual": "25.1 RTM1", "status": "affected", "version": "23.2 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "25.1 RTM2", "versionType": "custom"}, {"status": "unaffected", "version": "25.2 RTM", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.<br>"}], "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions."}], "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124: Shared Resource Manipulation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-09-22T10:21:29.352Z"}, "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "title": "GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-22T13:05:52.544386Z", "id": "CVE-2025-46711", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-22T13:06:14.173Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-46711", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-22T13:05:52.544386Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-22T13:06:10.370Z"}}], "cna": {"title": "GPU DDK - NULL Pointer dereference occurs in LockHandle on bridge entry when connection misused", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-124", "descriptions": [{"lang": "en", "value": "CAPEC-124: Shared Resource Manipulation"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "unaffected", "version": "1.15 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "affected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "affected", "version": "23.2 RTM", "versionType": "custom", "lessThanOrEqual": "25.1 RTM1"}, {"status": "unaffected", "version": "25.1 RTM2", "versionType": "custom"}, {"status": "unaffected", "version": "25.2 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.", "supportingMedia": [{"type": "text/html", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-09-22T10:21:29.352Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46711", "state": "PUBLISHED", "dateUpdated": "2025-09-22T13:06:14.173Z", "dateReserved": "2025-04-28T18:57:24.838Z", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "datePublished": "2025-09-22T10:21:29.352Z", "assignerShortName": "imaginationtech"}, "dataVersion": "5.1"}