CVE-2025-25177 — Use After Free in Technologies Graphics DDK

CWE-416 — Use After Free CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 95.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK Google Android Msrc Cbl2 Luajit 2.1.0-27 ON CBL Mariner 2.0

Timeline

PublishedSep 22

Latest updateDec 1

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.5 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5imagination_technologies/graphics_ddk24.1 RTM — 25.1 RTM2

▶googlegoogle/android

▶msrcmsrc/cbl2_luajit_2.1.0-27_on_cbl_mariner_2.0

🔴Vulnerability Details

GHSA

GHSA-8m32-wfr6-3f5w: Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions↗2025-09-22

▶

📋Vendor Advisories

Android

CVE-2025-25177: PowerVR-GPU↗2025-12-01

▶

Microsoft

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).↗2025-07-08

▶