Lucene search
+L

85 matches found

CNNVD
CNNVD
added 2025/08/04 12:0 a.m.5 views

Imagination Graphics DDK 安全漏洞

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. A security vulnerability exists in the Imagination Graphics DDK, which originates from an unprivileged user being able to write to GPU read-only memory via a ptrace system call...

8.8CVSS6.5AI score0.00396EPSS
Exploits0References2
CVE
CVE
added 2025/07/14 1:36 a.m.33 views

CVE-2025-25180

CVE-2025-25180 affects Imagination Technologies’ PowerVR-GPU driver. The issue arises from insufficient validation in RGXCREATEFREELIST, allowing an unprivileged user to trigger improper GPU system calls that can subvert GPU hardware and write to arbitrary physical memory pages. Under certain con...

7.8CVSS6.9AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/14 1:36 a.m.15 views

CVE-2025-25180 GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

0.00132EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 5:4 p.m.38 views

CVE-2025-46708

CVE-2025-46708 affects Imagination Technologies PowerVR-GPU driver. The issue arises when software inside a Guest VM makes improper GPU system calls, delaying or blocking the GPU for other guests and preventing them from processing workloads. The vulnerability is described as enabling guest VMs t...

4.3CVSS6.5AI score0.00165EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/06/02 4:19 a.m.71 views

CVE-2025-25179

CVE-2025-25179 is a local vulnerability in the Imagination Technologies PowerVR-GPU driver. A non-privileged user may issue improper GPU system calls that subvert GPU hardware and write to arbitrary physical memory pages. Reported base metrics indicate local access, low privileges required, and h...

7.8CVSS6.5AI score0.00121EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/02 4:19 a.m.24 views

CVE-2025-25179 GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages...

0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/17 12:47 a.m.25 views

CVE-2024-47893 GPU DDK - OOB read and write of the shared KMD/FW memory heap (VZ/TEE setups)

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory...

0.00225EPSS
Exploits0References1
CVE
CVE
added 2025/05/17 12:47 a.m.94 views

CVE-2024-47893

CVE-2024-47893 is a vulnerability in kernel software in a guest VM that can read/write data outside the VM’s virtualised GPU memory by exploiting shared memory with the GPU firmware. Multiple connected sources (NVD, Red Hat, CVE listing, CNNVD) confirm the issue affects Imagination Technologies’ ...

6.5CVSS6.4AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/17 12:40 a.m.9 views

CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

6.8AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/17 12:40 a.m.21 views

CVE-2025-1706 GPU DDK - Improper locking when accessing the pvr_exp_fence object

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions...

0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/17 12:0 a.m.10 views

PT-2025-21767 · Imagination Technologies · Graphics Ddk

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue allows software installed and run as a non-privileged user to conduct improper GPU system calls, potentially triggering use-after-free kernel exceptions. Recommendations: At the...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/18 12:32 a.m.7 views

CVE-2025-0467 GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory...

8.2AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/04 3:42 p.m.6 views

CVE-2025-25178 GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption...

7AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/04 3:42 p.m.19 views

CVE-2025-25178 GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption...

0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 11:42 a.m.16 views

CVE-2025-0835 GPU DDK - _WrapExtMemReleasePages called twice if _FlushUMVirtualRange fails

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory...

0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/24 11:42 a.m.6 views

CVE-2025-0835 GPU DDK - _WrapExtMemReleasePages called twice if _FlushUMVirtualRange fails

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory...

7.1AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 11:37 a.m.21 views

CVE-2025-0478 GPU DDK - PMMETA_PROTECT PMR can be exported as dma-buf file / GEM object

Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kerne...

0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/07 7:45 a.m.7 views

CVE-2024-12837 GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory...

7.1AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/07 7:45 a.m.17 views

CVE-2024-12837 GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory...

0.00157EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/07 7:36 a.m.5 views

CVE-2024-12576 GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output...

7.1AI score0.0014EPSS
Exploits0References1
Rows per page
Query Builder