Skip to main content

Ddk

18 CVEs product

Monthly

CVE-2026-22167 HIGH This Week

Local privilege escalation in Imagination Technologies Graphics DDK allows low-privileged users to corrupt kernel memory and driver data structures through malicious GPU system calls. The vulnerability affects DDK versions 1.18 RTM, 23.2 RTM, 24.1-24.2 RTM, and 25.1-25.3 RTM. Attackers with local access can force the GPU to write to arbitrary physical memory pages, including restricted internal GPU buffers and kernel memory regions, achieving complete system compromise (CVSS 7.8). EPSS data not available; no active exploitation confirmed per CISA SSVC framework (exploitation status: none), but the local attack vector and total technical impact make this critical for systems with untrusted local users.

Buffer Overflow Ddk
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22166 HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22165 HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-21736 MEDIUM This Month

Improper GPU system call handling in the DDK allows non-privileged users to bypass memory protections on user-mode wrapped memory regions and gain unauthorized write access. An attacker with local access could exploit this to modify read-only memory structures, potentially compromising system integrity or escalating privileges. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Ddk
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-13952 CRITICAL Act Now

Write-after-free crash in GPU compiler process triggered by unusual GPU shader code loaded from the web. Browser vulnerability through WebGPU shader compilation.

Denial Of Service Use After Free Ddk
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-10865 HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present. [CVSS 7.8 HIGH]

Use After Free Ddk
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58411 HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. [CVSS 8.8 HIGH]

Use After Free Ddk
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-25176 CRITICAL Act Now

A hardware vulnerability allows exfiltration of intermediate register values from secure workloads running in ARM TrustZone or similar TEE environments. Non-secure applications can read secure-world register contents.

Information Disclosure Ddk
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-58408 MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.

Denial Of Service Use After Free Memory Corruption Ddk
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-58407 HIGH This Month

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ddk
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-58410 HIGH This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ddk
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46711 MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ddk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46709 HIGH This Month

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Ddk
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-46708 MEDIUM This Month

CVE-2025-46708 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ddk
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-46707 MEDIUM This Month

Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.

Information Disclosure Ddk
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-46710 MEDIUM This Month

Possible kernel exceptions caused by reading and writing kernel heap data after free.

Information Disclosure Use After Free Memory Corruption Ddk
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-25179 HIGH This Week

GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.

Privilege Escalation Memory Corruption Ddk
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0467 HIGH This Week

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Ddk
NVD
CVSS 3.1
8.2
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Imagination Technologies Graphics DDK allows low-privileged users to corrupt kernel memory and driver data structures through malicious GPU system calls. The vulnerability affects DDK versions 1.18 RTM, 23.2 RTM, 24.1-24.2 RTM, and 25.1-25.3 RTM. Attackers with local access can force the GPU to write to arbitrary physical memory pages, including restricted internal GPU buffers and kernel memory regions, achieving complete system compromise (CVSS 7.8). EPSS data not available; no active exploitation confirmed per CISA SSVC framework (exploitation status: none), but the local attack vector and total technical impact make this critical for systems with untrusted local users.

Buffer Overflow Ddk
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper GPU system call handling in the DDK allows non-privileged users to bypass memory protections on user-mode wrapped memory regions and gain unauthorized write access. An attacker with local access could exploit this to modify read-only memory structures, potentially compromising system integrity or escalating privileges. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Ddk
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Write-after-free crash in GPU compiler process triggered by unusual GPU shader code loaded from the web. Browser vulnerability through WebGPU shader compilation.

Denial Of Service Use After Free Ddk
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present. [CVSS 7.8 HIGH]

Use After Free Ddk
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. [CVSS 8.8 HIGH]

Use After Free Ddk
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

A hardware vulnerability allows exfiltration of intermediate register values from secure workloads running in ARM TrustZone or similar TEE environments. Non-secure applications can read secure-world register contents.

Information Disclosure Ddk
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.

Denial Of Service Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.4
HIGH This Month

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ddk
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ddk
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ddk
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

CVE-2025-46708 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ddk
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.

Information Disclosure Ddk
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Possible kernel exceptions caused by reading and writing kernel heap data after free.

Information Disclosure Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.

Privilege Escalation Memory Corruption Ddk
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Memory Corruption Ddk
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy