CVE-2025-0478
Published: 24 March 2025
Description
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Security Summary
CVE-2025-0478 is a vulnerability in GPU drivers from Imagination Technologies that allows software running as a non-privileged user to make improper GPU system calls, enabling reads and writes to arbitrary physical memory pages. Under certain circumstances, this can corrupt data pages not allocated by the GPU driver, including memory pages used by the kernel and other drivers on the platform, thereby altering their behavior. The issue is classified under CWE-280 (Improper Handling of Insufficient Privileges or Capabilities) with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-24.
A local attacker with low privileges can exploit this vulnerability by executing malicious software on the affected system. Successful exploitation grants the ability to read sensitive data, modify critical memory regions, and disrupt system stability, potentially leading to arbitrary code execution in kernel space or denial of service through memory corruption.
For mitigation details, refer to the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows a low-privileged local user to perform arbitrary physical memory reads and writes via the GPU driver, directly enabling kernel-level code execution (T1068), credential/sensitive data access from memory (T1212), and system instability/DoS via memory corruption (T1499).