Summaryinfo

A vulnerability was found in Imagination Graphics DDK up to 24.2 RTM2. It has been classified as critical. Affected is an unknown function of the component GPU System Call Handler. This manipulation causes use after free. The identification of this vulnerability is CVE-2025-0835. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability has been found in Imagination Graphics DDK up to 24.2 RTM2 and classified as critical. Affected by this vulnerability is an unknown code block of the component GPU System Call Handler. The manipulation with an unknown input leads to a use after free vulnerability. The CWE definition for the vulnerability is CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

It is possible to read the advisory at imaginationtech.com. This vulnerability is known as CVE-2025-0835 since 01/29/2025. The exploitation appears to be easy. Attacking locally is a requirement. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 24.3 RTM eliminates this vulnerability.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Imagination

Name

• Graphics DDK

Version

• 24.2 RTM2

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion