CVE-2025-58407 — Time-of-check Time-of-use (TOCTOU) Race Condition in Technologies Graphics DDK

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition2 documents2 sources

Severity

7.4HIGHNVD

EPSS

0.0%

top 94.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK Imaginationtech DDK

Timeline

PublishedNov 17

Description

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶NVDimaginationtech/ddk25.2

▶CVEListV5imagination_technologies/graphics_ddk25.2 RTM1

🔴Vulnerability Details

GHSA

GHSA-2pf4-7467-2jm6: Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read↗2025-11-17

▶