CVE-2025-58408
Last modified
CVE-2025-58408 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.. EPSS estimates a 0.11% chance of exploitation in the next 30 days.
Description
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Imaginationtech | Ddk | <= 25.2 |
References
- https://www.imaginationtech.com/gpu-driver-vulnerabilities/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-58408?
How severe is CVE-2025-58408?
How do I fix CVE-2025-58408?
Are you affected by CVE-2025-58408?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST