CVE-2025-46707Resource Exposure in DDK

CWE-668Resource ExposureCWE-476NULL Pointer Dereference4 documents4 sources
Severity
5.2MEDIUMNVD
EPSS
0.0%
top 92.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Imaginationtech DDKImagination Technologies Graphics DDKGoogle Android+8 more
Timeline
PublishedJun 27
Latest updateSep 1

Description

Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 2.0 | Impact: 2.7

Affected Packages11 packages

NVDimaginationtech/ddk23.224.1+3
CVEListV5imagination_technologies/graphics_ddk23.2 RTM123.3 RTM+3

🔴Vulnerability Details

1
GHSA
GHSA-47gr-xff6-mq74: Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU2025-06-27

📋Vendor Advisories

2
Android
CVE-2025-46707: PowerVR-GPU2025-09-01
Microsoft
KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv32024-09-10