CVE-2025-58408
MEDIUMImaginationTech DDK < 25.2 - Use-After-Free via GPU System Calls
Title source: llmDescription
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.
References (1)
Core 1
Core References
Vendor Advisory
https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Scores
CVSS v3
5.9
EPSS
0.0011
EPSS Percentile
1.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (1)
imaginationtech/ddk
< 25.2
Published
Dec 01, 2025
Tracked Since
Feb 18, 2026