Improper GPU System Calls Vulnerability in Imagination Technologies' Software
CVE-2025-0835

7.8HIGH

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 24 March 2025

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2025-0835?

A vulnerability exists in Imagination Technologies' GPU Driver that allows unauthorized software running as a non-privileged user to improperly execute GPU system calls. This misbehavior can lead to corruption of the kernel heap memory, posing significant security risks to the system. Properly configured access controls and regular software updates are essential to mitigate potential exploits stemming from this vulnerability.

Affected Version(s)

Graphics DDK Linux 23.2 RTM <= 24.2 RTM2

Graphics DDK Linux 1.15 RTM

Graphics DDK Linux 24.3 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2025
Vulnerability Reserved
Jan 29, 2025

JSON