CVE-2025-0478 — Improper Handling of Insufficient Permissions or Privileges in Technologies Graphics DDK

CWE-280 — Improper Handling of Insufficient Permissions or Privileges3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 92.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK Google Android

Timeline

PublishedMar 24

Latest updateJun 1

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5imagination_technologies/graphics_ddk1.15 RTM — 24.3 RTM2

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-pff8-m8jx-77fj: Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages↗2025-03-24

▶

📋Vendor Advisories

Android

CVE-2025-0478: PowerVR-GPU↗2025-06-01

▶