EUVD-2025-21295

CVE-2025-25180 HIGH
2025-07-14 367425dc-4d06-4041-9650-c2dc6aaa27ce
CVSS 3.1: 7.8

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd), EUVD-2025-21295
Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
CVE Published: Jul 14, 2025 - 02:15 (nvd), HIGH 7.8

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.

Analysis

CVE-2025-25180 is a privilege escalation vulnerability affecting GPU drivers that allows non-privileged users to conduct improper GPU system calls, enabling arbitrary writes to physical memory pages including kernel and driver memory. This vulnerability could allow local attackers to corrupt critical kernel data structures and alter system behavior, potentially leading to complete system compromise. The attack requires local access and low privilege level but has high impact across confidentiality, integrity, and availability.

Technical Context

This vulnerability exploits improper input validation in GPU driver interfaces that handle GPU system calls (likely DMA or memory mapping operations). The root cause falls under CWE-823 (Use of Out-of-bounds Index), indicating that GPU drivers fail to properly validate memory access bounds when processing system calls from non-privileged user processes. Modern GPUs have direct memory access (DMA) capabilities that, when improperly controlled, can bypass Memory Management Unit (MMU) protections. The vulnerability specifically allows crafted GPU commands to write to arbitrary physical memory pages outside the GPU driver's allocated memory regions, potentially reaching kernel-managed pages and driver data structures. This affects GPU driver stacks (likely NVIDIA, AMD, or Intel integrated graphics drivers) that run on systems with separate privilege domains between user-space GPU libraries and kernel-mode drivers.

Affected Products

GPU drivers from multiple vendors are likely affected, though specific CPE strings are not provided in the vulnerability description. Likely affected product families include:

(1) NVIDIA GPU drivers (CUDA toolkit, GeForce/Tesla driver stacks) on Linux and Windows;
(2) AMD GPU drivers (AMDGPU, Radeon drivers) on Linux and Windows;
(3) Intel integrated GPU drivers (i915 on Linux, Intel HD Graphics drivers on Windows);
(4) Systems with any GPU supporting DMA and user-space GPU libraries (OpenGL, Vulkan, CUDA, HIP).

Without vendor-specific CVE advisories or CPE data, affected versions likely span multiple driver versions released before a patched release. Affected configurations include any system where non-privileged users can execute GPU workloads (standard Linux/Windows user accounts with GPU access). Systems running headless compute GPUs or those with GPU resource sharing are at highest risk.

Remediation

Immediate mitigation steps:

(1) Apply GPU driver updates from the respective vendor (NVIDIA, AMD, Intel) immediately upon release, prioritizing them over standard patching windows;
(2) Restrict GPU access to trusted users only by modifying device permissions (e.g., `chmod 660 /dev/nvidia*` on Linux, or leveraging OS access control lists);
(3) Disable GPU user-space access if not required (e.g., remove GPU libraries from non-admin environments);
(4) Run GPU workloads only in sandboxed or containerized environments with explicit capability restrictions;
(5) Monitor for suspicious GPU driver system calls using audit logging (`auditctl` on Linux) or GPU driver instrumentation.

Vendor-specific patches: Watch official security bulletins from NVIDIA Security Center, AMD Security Advisories, and Intel Product Security Center for patched driver versions.

Workarounds: If patched drivers are unavailable, disable discrete GPU usage and rely on CPU-only workloads; implement kernel module signature enforcement to prevent loading of compromised GPU drivers.
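One way to check mitigation steps (2) and (5) on a Linux host, as an added example that is not part of the original page: it lists GPU device nodes that any local account can open and prints an audit watch rule for a node. The device name patterns (`nvidia*`, `kfd`, `dri/card*`, `dri/renderD*`), the use of GNU `stat -c`, and the audit key `gpu_dev_access` are assumptions.

```shell
#!/bin/sh
# Added example: find GPU device nodes that any local account can open and
# print audit watch rules for them. Name patterns are assumptions.

# gpu_nodes DIR: list candidate GPU device nodes under DIR, one per line.
gpu_nodes() {
    dev_dir=$1
    for node in "$dev_dir"/nvidia* "$dev_dir"/kfd \
                "$dev_dir"/dri/card* "$dev_dir"/dri/renderD*; do
        # An unmatched glob stays literal, so test that the path exists.
        [ -e "$node" ] && printf '%s\n' "$node"
    done
    return 0
}

# world_accessible NODE: succeed if "other" has read or write permission.
world_accessible() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, octal mode e.g. 660
    other=${mode#"${mode%?}"}               # last octal digit = "other" bits
    [ $((other & 6)) -ne 0 ]
}

# audit_gpu_nodes DIR: print "path mode owner:group" for each exposed node.
audit_gpu_nodes() {
    gpu_nodes "$1" | while IFS= read -r node; do
        if world_accessible "$node"; then
            stat -c '%n %a %U:%G' "$node"
        fi
    done
}

# audit_rule NODE: audit.rules line that logs opens of NODE (key is assumed).
audit_rule() {
    printf '%s\n' "-w $1 -p rwa -k gpu_dev_access"
}

# Report exposed nodes under /dev (or the directory given as $1).
audit_gpu_nodes "${1:-/dev}"
```

A watch rule records which accounts open the node; it does not show the contents of the ioctl calls made afterwards.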

Priority Score

39
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0