Use-After-Free Vulnerability in Imagination Technologies GPU Driver
CVE-2025-58408

5.9MEDIUM

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 1 December 2025

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2025-58408?

The vulnerability arises from software running as a non-privileged user, allowing improper GPU system calls that may lead to reads of stale data. This scenario poses serious risks, including triggering kernel exceptions and potential write use-after-free errors. Since the stale data may contain references to resources whose counts can become imbalanced, it can result in premature destruction of those resources while they are still in use, leading to unstable system behavior and further security implications.

Affected Version(s)

Graphics DDK Linux 1.15 RTM

Graphics DDK Linux 1.17 RTM

Graphics DDK Linux 1.18 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2025
Vulnerability Reserved
Sep 1, 2025

JSON