CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Analysis
GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.
Technical Context
This vulnerability exploits insufficient input validation in GPU device drivers' system call handling interfaces. GPUs maintain separate memory address spaces and access control mechanisms; improper validation of GPU system calls (likely IOCTL operations or GPU command submission APIs) allows a non-privileged process to craft malicious GPU commands that circumvent GPU memory management unit (IOMMU/GPU MMU) protections. The root cause maps to CWE-280 (Improper Handling of Insufficient Permissions or Privileges), indicating that the GPU driver fails to properly validate caller permissions before allowing direct or semi-direct physical memory writes. This is characteristic of vulnerabilities in NVIDIA CUDA drivers, AMD ROCm drivers, Intel GPU drivers, or other GPU compute frameworks where user-mode GPU libraries interact with kernel drivers without sufficient access control checks on DMA operations and memory mapping capabilities.
Affected Products
Specific CPE data was not provided in the input, but based on the vulnerability description, affected products likely include:
(1) NVIDIA GPU drivers (CUDA Toolkit, nvidia-driver package for Linux/Windows, pre-patch versions across Ampere, Ada, and Hopper architectures);
(2) AMD ROCm GPU stack (rocm-core, rocm-smi, amdgpu-core drivers);
(3) Intel Arc GPU drivers and Level Zero API implementations;
(4) generic GPU driver implementations in the Linux kernel (drivers/gpu subsystem) and Windows GPU device drivers.
Typical affected CPE patterns: cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:* (versions prior to patch), cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (GPU driver subsystem), cpe:2.3:a:amd:rocm:*:*:*:*:*:*:*:*. Without vendor advisory references, consult the NVIDIA Security Bulletin, AMD Product Security, and Intel PSIRT for exact patched versions.
Remediation
(1) Immediate: Update GPU drivers to patched versions; check vendor advisories for NVIDIA, AMD, Intel, and kernel maintainers for specific version numbers.
(2) Kernel-Level: For Linux systems, ensure GPU drivers are updated alongside kernel patches; for NVIDIA: nvidia-driver ≥ [version TBD from NVIDIA advisory], AMD: amdgpu-core ≥ [version TBD].
(3) Temporary Mitigations (if patches unavailable): (a) restrict GPU access via cgroup v2 or container policies; (b) disable user-mode GPU compute access if not required; (c) run GPU workloads in isolated containers with minimal privilege; (d) monitor GPU IOMMU faults for exploitation attempts.
(4) Validation: After patching, verify GPU system call filtering is enforced by checking driver logs and running GPU memory access tests.
(5) Reference vendor advisories (NVIDIA Security Advisories, AMD Product Security Page, Linux GPU Driver Maintainers) for precise patch versions and validation steps.
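Mitigation (3)(d) asks operators to watch IOMMU faults. The following script is an added example, not part of the original record or any vendor tooling: it parses the Linux kernel's AMD-Vi (`IO_PAGE_FAULT`) and Intel `DMAR` fault messages from a dmesg-style log, normalizes them, and flags a burst of faults from one PCI device within a short window, which is the kind of signal a device hammering DMA at addresses its IOMMU domain does not map would produce. The sample log lines are constructed (device IDs, addresses and timestamps are made up); the message formats follow the kernel's own printk strings, and the read/write bit is taken from the kernel's `EVENT_FLAG_RW` (0x020) definition for AMD IOMMU events.

```python
"""IOMMU fault burst detector over dmesg output (added example, constructed sample data)."""
import re
from collections import defaultdict

# Constructed sample dmesg excerpt: device 0000:0c:00.0 faults four times within
# a millisecond, another device faults once, one Intel DMAR fault, one unrelated line.
SAMPLE_DMESG = """\
[  123.456789] AMD-Vi: Event logged [IO_PAGE_FAULT device=0000:0c:00.0 domain=0x0001 address=0x7f3c2a1000 flags=0x0070]
[  123.457001] AMD-Vi: Event logged [IO_PAGE_FAULT device=0000:0c:00.0 domain=0x0001 address=0x7f3c2a2000 flags=0x0070]
[  123.457210] AMD-Vi: Event logged [IO_PAGE_FAULT device=0000:0c:00.0 domain=0x0001 address=0x7f3c2a3000 flags=0x0070]
[  123.457400] AMD-Vi: Event logged [IO_PAGE_FAULT device=0000:0c:00.0 domain=0x0001 address=0x7f3c2a4000 flags=0x0070]
[  900.100000] AMD-Vi: Event logged [IO_PAGE_FAULT device=0000:04:00.0 domain=0x0002 address=0x10000000 flags=0x0020]
[ 1200.000000] DMAR: DRHD: handling fault status reg 3
[ 1200.000100] DMAR: [DMA Write] Request device [03:00.0] fault addr fffff000 [fault reason 05] PTE Write access is not set
[ 1300.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

AMD_RE = re.compile(
    r"^\[\s*(?P<ts>[\d.]+)\] AMD-Vi: Event logged \[IO_PAGE_FAULT device=(?P<dev>[0-9a-f:.]+)"
    r" .*?address=(?P<addr>0x[0-9a-f]+) flags=(?P<flags>0x[0-9a-f]+)\]"
)
INTEL_RE = re.compile(
    r"^\[\s*(?P<ts>[\d.]+)\] DMAR: \[DMA (?P<kind>Read|Write)\] Request device"
    r" \[(?P<dev>[0-9a-f:.]+)\] fault addr (?P<addr>[0-9a-f]+)"
)
EVENT_FLAG_RW = 0x020  # AMD IOMMU event flag: set when the faulting access was a write


def parse_faults(text):
    """Return a list of normalized fault dicts: ts, device, address, write (bool), source."""
    faults = []
    for line in text.splitlines():
        m = AMD_RE.match(line)
        if m:
            faults.append({
                "ts": float(m["ts"]), "device": m["dev"], "address": int(m["addr"], 16),
                "write": bool(int(m["flags"], 16) & EVENT_FLAG_RW), "source": "amd-vi",
            })
            continue
        m = INTEL_RE.match(line)
        if m:
            faults.append({
                "ts": float(m["ts"]), "device": m["dev"], "address": int(m["addr"], 16),
                "write": m["kind"] == "Write", "source": "dmar",
            })
    return faults


def find_bursts(faults, threshold=3, window=1.0):
    """Flag each maximal run of >= threshold faults from one device within `window` seconds."""
    by_device = defaultdict(list)
    for f in faults:
        by_device[f["device"]].append(f)
    bursts = []
    for device, evs in by_device.items():
        evs.sort(key=lambda f: f["ts"])
        i = 0
        while i < len(evs):
            j = i
            while j + 1 < len(evs) and evs[j + 1]["ts"] - evs[i]["ts"] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                bursts.append({
                    "device": device, "count": count,
                    "start": evs[i]["ts"], "end": evs[j]["ts"],
                    "writes": sum(1 for f in evs[i:j + 1] if f["write"]),
                })
                i = j + 1
            else:
                i += 1
    return bursts


if __name__ == "__main__":
    for b in find_bursts(parse_faults(SAMPLE_DMESG)):
        print("ALERT: %(count)d IOMMU faults (%(writes)d writes) from %(device)s "
              "between %(start).6f and %(end).6f" % b)
```

On a live host, feed it `dmesg` or the journal's kernel messages and tune `threshold` and `window` to the platform's baseline; isolated faults are common during driver load or hotplug, so the burst, not any single line, is what warrants a look. The script only reads logs, so it is safe to run on production systems.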
EUVD-2025-16613