CVE-2025-58407

CVE-2025-58407: GPU DDK - TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet

Vendor Imagination Technologies
Product Graphics DDK
Weakness CWE-367
Published November 17, 2025
Last update November 17, 2025

CVSS base score

What the vulnerability does

01Description

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.

Key dates

02Disclosure timeline

November 17, 2025 CVE published
November 17, 2025 Record updated