CVE-2025-25180

GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist

CVSS 7.8 HIGHEPSS 0.1%CWE-823

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 jul 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Imagination Technologies · Graphics DDK

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.imaginationtech.com/gpu-driver-vulnerabilities/