CVE-2025-58410

CVE-2025-58410: GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR

Vendor Imagination Technologies
Product Graphics DDK
Weakness CWE-280
Published November 17, 2025
Last update November 17, 2025

CVSS base score

What the vulnerability does

01Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource.

Key dates

02Disclosure timeline

November 17, 2025 CVE published
November 17, 2025 Record updated