Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-47891

Summary
Assigner-imaginationtech
Assigner Org ID-367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At-31 Jan, 2025 | 03:11
Updated At-18 Mar, 2025 | 20:22
Rejected At-
Credits

GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStreamKM due to a race condition

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:imaginationtech
Assigner Org ID:367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At:31 Jan, 2025 | 03:11
Updated At:18 Mar, 2025 | 20:22
Rejected At:
â–¼CVE Numbering Authority (CNA)
GPU DDK - Exploitable double free on PTL_STREAM_DESC object in the kernel function TLServerCloseStreamKM due to a race condition

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Affected Products
Vendor
Imagination Technologies LimitedImagination Technologies
Product
Graphics DDK
Platforms
  • Linux
  • Android
Default Status
unknown
Versions
Affected
  • From 1.15 RTM through 24.3 RTM2 (custom)
Unaffected
  • 25.1 RTM (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-124CAPEC-124: Shared Resource Manipulation
CAPEC ID: CAPEC-124
Description: CAPEC-124: Shared Resource Manipulation
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.imaginationtech.com/gpu-driver-vulnerabilities/
N/A
Hyperlink: https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:367425dc-4d06-4041-9650-c2dc6aaa27ce
Published At:31 Jan, 2025 | 04:15
Updated At:15 Apr, 2026 | 00:35

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-416Secondary367425dc-4d06-4041-9650-c2dc6aaa27ce
CWE ID: CWE-416
Type: Secondary
Source: 367425dc-4d06-4041-9650-c2dc6aaa27ce
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.imaginationtech.com/gpu-driver-vulnerabilities/367425dc-4d06-4041-9650-c2dc6aaa27ce
N/A
Hyperlink: https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Source: 367425dc-4d06-4041-9650-c2dc6aaa27ce
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1720Records found

CVE-2025-10865
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.53%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:26
Updated-30 Jan, 2026 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - DevmemIntGetReservationData does not ref the PMR it returns

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to cause a potential use after free. Improper reference counting on an internal resource caused scenario where potential for use after free was present.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-0835
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.84%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 11:42
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - _WrapExtMemReleasePages called twice if _FlushUMVirtualRange fails

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2024-47899
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.89%
||
7 Day CHG+0.01%
Published-31 Jan, 2025 | 03:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PVRSRVDeviceServicesOpen use-after-free condition

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2024-47892
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.39%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 17:35
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - UAF of kernel memory in PMRUnlockPhysAddressesOSMem for on-demand non-4KB PMRs in system memory (UMA)

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2024-46971
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.39%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 17:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2024-46973
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.97%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 04:56
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exploitable kernel use-after-free on psServerMMUContext due to reference count mismanagement

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2024-43701
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.13% / 3.03%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 08:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PowerVR: TLB invalidate UAF of dma_buf imported into multiple GPU devices

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDKgraphics_ddk
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2024-12837
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.87%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 07:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2026-41158
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.12% / 2.02%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:57
Updated-15 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed the resource.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2024-47898
Matching Score-10
Assigner-Imagination Technologies
ShareView Details
Matching Score-10
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.89%
||
7 Day CHG+0.01%
Published-31 Jan, 2025 | 03:14
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PVRSRVDeviceSyncOpen use-after-free condition

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-25179
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.12% / 2.20%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 04:19
Updated-11 Jul, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2025-25178
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.97%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:42
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PhysmemWrapExtMem uiSize=0 corrupts kernel memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-0478
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.45%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 11:37
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PMMETA_PROTECT PMR can be exported as dma-buf file / GEM object

Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2024-52938
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.97%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 11:50
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - rgxfw_pm_add_freelist_for_reconstruction OOB write

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2024-52939
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.17% / 6.50%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 14:54
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - RGXFWIF_HWPERF_CTL_BLK.uiNumCounters OOB write

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2024-46972
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.91%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 04:53
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Security: Reference count overflow in pvr_sync_rollback_export_fence

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-911
Improper Update of Reference Count
CVE-2024-46974
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.82%
||
7 Day CHG+0.01%
Published-31 Jan, 2025 | 03:07
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Arbitrary write of read-only dmabuf

Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CVE-2025-25180
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.13% / 3.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 01:36
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Insufficient validation in RGXCREATEFREELIST creates corrupt freelist

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2026-45195
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.32%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 15:18
Updated-26 Jun, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2024-47900
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.89%
||
7 Day CHG+0.01%
Published-31 Jan, 2025 | 03:19
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Multiple integer overflow in DmaTransfer PMR_DevPhysAddr functions leading to OOB writes

Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2024-43705
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.14% / 3.85%
||
7 Day CHG~0.00%
Published-28 Dec, 2024 | 04:58
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so)

Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2026-22167
Matching Score-8
Assigner-Imagination Technologies
ShareView Details
Matching Score-8
Assigner-Imagination Technologies
CVSS Score-7.8||HIGH
EPSS-0.15% / 4.42%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 15:48
Updated-01 Jun, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. This attack can lead the GPU to perform write operations on restricted internal GPU buffers that can lead to a second order affect of corrupted arbitrary physical memory.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-25177
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 2.96%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 10:02
Updated-22 Sep, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Roll-back of pvr_exp_fence not in finalised state can cause UAF

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-1706
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.02%
||
7 Day CHG~0.00%
Published-17 May, 2025 | 00:40
Updated-19 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Improper locking when accessing the pvr_exp_fence object

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-13952
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 33.44%
||
7 Day CHG~0.00%
Published-24 Jan, 2026 | 02:26
Updated-28 Jan, 2026 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2024-43703
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-8.1||HIGH
EPSS-0.38% / 29.89%
||
7 Day CHG~0.00%
Published-30 Nov, 2024 | 02:39
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Duplicate calls to RGXCreateFreeList on the same reservation leads to GPU UAF

Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDKddk
CWE ID-CWE-416
Use After Free
CVE-2025-46710
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-5.7||MEDIUM
EPSS-0.18% / 7.50%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 11:13
Updated-21 Oct, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible kernel exceptions caused by reading and writing kernel heap data after free.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2026-41156
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-7.7||HIGH
EPSS-0.11% / 1.53%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 09:28
Updated-22 Jun, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firmware address without holding reference

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources creating a write use after free scenario. A shared resource (memory page) managed by a CPU thread of control (driver) and accessed by a GPU thread of control (Firmware) can cause a write UAF when the CPU thread frees the resource before the GPU FW has finished accessing it.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2026-34192
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-7.7||HIGH
EPSS-0.11% / 1.53%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 09:23
Updated-22 Jun, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - _MMU_AllocLevel error recovery paths leave dangling page table entries

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an error path leading to UAF of GPU page tables. The vulnerability allows physical memory allocated for MMU page tables to be used after being freed. This was caused by an error path that would not cleanup properly before freeing the physical allocation.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-416
Use After Free
CVE-2026-22165
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-8.1||HIGH
EPSS-0.35% / 26.60%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 15:56
Updated-01 Jun, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the device.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2026-22166
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-8.1||HIGH
EPSS-0.35% / 26.60%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 15:59
Updated-01 Jun, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable subsequent exploit on the system.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-58408
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 1.70%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 11:16
Updated-29 Dec, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - KASAN Read UAF in the PVRSRVBridgeRGXSubmitTransfer2 due to improper error handling code

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-58411
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-8.8||HIGH
EPSS-0.15% / 4.43%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:41
Updated-30 Jan, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Reservation::psMappedPMR can change while used by a freelist -> UAF

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario. Improper resource management and reference counting on an internal resource caused scenario where potential write use after free was present.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-46709
Matching Score-6
Assigner-Imagination Technologies
ShareView Details
Matching Score-6
Assigner-Imagination Technologies
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.03%
||
7 Day CHG~0.00%
Published-08 Aug, 2025 | 23:27
Updated-17 Oct, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - Security fix for PP-171570 can lead to an uninitialised pointer dereference and memory leak

Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-ddkGraphics DDK
CWE ID-CWE-416
Use After Free
CVE-2025-26594
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.89%
||
7 Day CHG+0.01%
Published-25 Feb, 2025 | 15:53
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.org: xwayland: use-after-free of the root cursor

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

Action-Not Available
Vendor-tigervncX.Org FoundationRed Hat, Inc.
Product-xwaylandtigervncx_serverenterprise_linuxRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-416
Use After Free
CVE-2025-26648
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.87%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CVE-2025-68817
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.16% / 5.48%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 15:29
Updated-23 May, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency Under high concurrency, A tree-connection object (tcon) is freed on a disconnect path while another path still holds a reference and later executes *_put()/write on it.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CVE-2025-26600
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.89%
||
7 Day CHG+0.01%
Published-25 Feb, 2025 | 15:55
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg: xwayland: use-after-free in playreleasedevents()

A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

Action-Not Available
Vendor-tigervncX.Org FoundationRed Hat, Inc.
Product-xwaylandtigervncx_serverenterprise_linuxRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-416
Use After Free
CVE-2025-26679
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.51% / 39.48%
||
7 Day CHG-0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_11_24h2windows_11_23h2windows_server_2019windows_server_2022windows_10_22h2windows_server_2016windows_server_2025windows_11_22h2windows_server_2022_23h2windows_10_1507windows_10_1809windows_10_1607windows_server_2012windows_10_21h2Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-26601
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 27.89%
||
7 Day CHG+0.01%
Published-25 Feb, 2025 | 15:55
Updated-29 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg: xwayland: use-after-free in syncinittrigger()

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers.

Action-Not Available
Vendor-tigervncX.Org FoundationRed Hat, Inc.
Product-xwaylandtigervncx_serverenterprise_linuxRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-416
Use After Free
CVE-2019-10621
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 9.78%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-04 Aug, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellrennell_firmwaresm8250_firmwaresc8180x_firmwaresdx55qcs405sm7150_firmwaresaipan_firmwaresm6150_firmwaresm6150sm8250sm8150sdx55_firmwaresm7150nicobar_firmwaresaipansxr2130sc8180xnicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-416
Use After Free
CVE-2020-29661
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 62.44%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 16:57
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncBroadcom Inc.NetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-a700s_firmwarea400_firmwaretekelec_platform_distributionactive_iq_unified_managerh410c_firmware8300_firmwaresolidfire_baseboard_management_controller8300debian_linuxlinux_kernel8700a400fedoraa700sh410cfabric_operating_systemsolidfire_baseboard_management_controller_firmware8700_firmwaren/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2025-24298
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.14% / 3.30%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:55
Updated-12 Aug, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
liteos_a has an UAF vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-24301
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.16% / 5.53%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-24855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 24.28%
||
7 Day CHG~0.00%
Published-14 Mar, 2025 | 00:00
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

Action-Not Available
Vendor-libxml2 (XMLSoft)
Product-libxsltlibxslt
CWE ID-CWE-416
Use After Free
CVE-2025-23414
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-3.8||LOW
EPSS-0.16% / 5.53%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 03:44
Updated-11 Mar, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arkcompiler Ets Runtime has an UAF vulnerability

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-416
Use After Free
CVE-2025-24046
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 38.99%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_server_2022_23h2windows_server_2019windows_server_2025windows_11_24h2windows_10_22h2windows_10_1507windows_10_21h2windows_10_1809windows_11_22h2windows_server_2022windows_server_2016Windows Server 2025Windows 11 Version 23H2Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows 11 version 22H2
CWE ID-CWE-416
Use After Free
CVE-2025-24072
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 38.99%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Local Security Authority (LSA) Server Elevation of Privilege Vulnerability

Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_server_2025windows_11_23h2windows_10_21h2windows_server_2022windows_10_1607windows_server_2019windows_10_1507windows_server_2008windows_11_22h2windows_server_2016windows_server_2022_23h2windows_10_22h2windows_10_1809Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2025-24044
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.54% / 41.68%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:58
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2012windows_server_2025windows_11_23h2windows_10_21h2windows_server_2022windows_10_1607windows_server_2019windows_10_1507windows_11_22h2windows_server_2016windows_server_2022_23h2windows_10_22h2windows_10_1809Windows Server 2025Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-27061
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.28%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 13:00
Updated-11 May, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
crypto: sun8i-ce - Fix use after free in unprepare

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8i_ce_cipher_unprepare should be called before crypto_finalize_skcipher_request, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used by unprepare after free. Before removing prepare/unprepare callbacks it was handled by crypto engine in crypto_finalize_request. Usually that results in a pointer dereference problem during a in crypto selftest. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000004716d000 [0000000000000030] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP This problem is detected by KASAN as well. ================================================================== BUG: KASAN: slab-use-after-free in sun8i_ce_cipher_do_one+0x6e8/0xf80 [sun8i_ce] Read of size 8 at addr ffff00000dcdc040 by task 1c15000.crypto-/373 Hardware name: Pine64 PinePhone (1.2) (DT) Call trace: dump_backtrace+0x9c/0x128 show_stack+0x20/0x38 dump_stack_lvl+0x48/0x60 print_report+0xf8/0x5d8 kasan_report+0x90/0xd0 __asan_load8+0x9c/0xc0 sun8i_ce_cipher_do_one+0x6e8/0xf80 [sun8i_ce] crypto_pump_work+0x354/0x620 [crypto_engine] kthread_worker_fn+0x244/0x498 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Allocated by task 379: kasan_save_stack+0x3c/0x68 kasan_set_track+0x2c/0x40 kasan_save_alloc_info+0x24/0x38 __kasan_kmalloc+0xd4/0xd8 __kmalloc+0x74/0x1d0 alg_test_skcipher+0x90/0x1f0 alg_test+0x24c/0x830 cryptomgr_test+0x38/0x60 kthread+0x168/0x178 ret_from_fork+0x10/0x20 Freed by task 379: kasan_save_stack+0x3c/0x68 kasan_set_track+0x2c/0x40 kasan_save_free_info+0x38/0x60 __kasan_slab_free+0x100/0x170 slab_free_freelist_hook+0xd4/0x1e8 __kmem_cache_free+0x15c/0x290 kfree+0x74/0x100 kfree_sensitive+0x80/0xb0 alg_test_skcipher+0x12c/0x1f0 alg_test+0x24c/0x830 cryptomgr_test+0x38/0x60 kthread+0x168/0x178 ret_from_fork+0x10/0x20 The buggy address belongs to the object at ffff00000dcdc000 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 64 bytes inside of freed 256-byte region [ffff00000dcdc000, ffff00000dcdc100)

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-416
Use After Free
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 34
  • 35
  • Next
Details not found