CVE-2025-13952

Critical CVSS: 9.8

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.

The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Vendor

Imaginationtech

Product

Ddk

CWE

CWE-416

Yayın Tarihi

2026-01-24 03:16:00

Güncelleme

2026-01-28 18:33:18

Source Identifier

367425dc-4d06-4041-9650-c2dc6aaa27ce

KEV Date Added

Kategoriler

CWE-416 Ddk CRITICAL Imaginationtech 2026

Referanslar

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Benzer Kayıtlar

Medium

CVE-2026-21736

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to re…

High

CVE-2025-10865

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of refe…

Low

CVE-2025-58409

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to…

High

CVE-2025-58411

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reso…

Critical

CVE-2025-25176

Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in…

Medium

CVE-2025-58408

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data…