CVE-2025-25180 — Use of Out-of-range Pointer Offset in Technologies Graphics DDK

CWE-823 — Use of Out-of-range Pointer Offset3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 91.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK Google Android

Timeline

PublishedJul 14

Latest updateSep 1

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5imagination_technologies/graphics_ddk23.2 RTM — 24.3 RTM1+3

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-f96v-vw98-7425: Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory page↗2025-07-14

▶

📋Vendor Advisories

Android

CVE-2025-25180: PowerVR-GPU↗2025-09-01

▶