CVE-2025-58409 (CNNVD-202601-2156)
中文标题:
Imagination Graphics DDK 安全漏洞
英文标题:
GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory
漏洞描述
中文描述:
Imagination Graphics DDK是英国Imagination公司的一款GPU驱动工具套件。 Imagination Graphics DDK存在安全漏洞,该漏洞源于非特权用户可能进行不当GPU系统调用,以破坏GPU硬件写入任意物理内存页,可能导致数据损坏。
英文描述:
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Imagination Technologies | Graphics DDK | 1.15 RTM | - | - |
cpe:2.3:a:imagination_technologies:graphics_ddk:1.15_rtm:*:*:*:*:*:*:*
|
| Imagination Technologies | Graphics DDK | 1.17 RTM | - | - |
cpe:2.3:a:imagination_technologies:graphics_ddk:1.17_rtm:*:*:*:*:*:*:*
|
| Imagination Technologies | Graphics DDK | 1.18 RTM | - | - |
cpe:2.3:a:imagination_technologies:graphics_ddk:1.18_rtm:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-58409 |
2026-01-14 02:22:09 | 2026-01-14 06:07:44 |
| NVD | nvd_CVE-2025-58409 |
2026-01-14 03:00:13 | 2026-01-14 06:14:34 |
| CNNVD | cnnvd_CNNVD-202601-2156 |
2026-01-15 01:52:31 | 2026-01-15 01:53:18 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
- cvss_score: 未提取 -> 0.0
- cnnvd_id: 未提取 -> CNNVD-202601-2156
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']