CVE-2025-0467: GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write

Description

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

Classification

CVE ID: CVE-2025-0467

Problem Types

CWE - CWE-823: Use of Out-of-range Pointer Offset

Affected Products

Vendor: Imagination Technologies

Product: Graphics DDK

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.47% (scored less or equal to compared to others)

EPSS Date: 2025-05-09 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0467
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Timeline

2025-04-18 02:40:22 UTC
CVE

GPU DDK - rgxfw_hwperf_get_packet_buffer OOB write