CVE-2025-58407 | THREATINT

Description

Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.

PUBLISHED Reserved 2025-09-01 | Published 2025-11-17 | Updated 2025-11-17 | Assigner imaginationtech

Problem types

CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (4.18)

Product status

Default status

unaffected

25.1 RTM2 (custom)

unaffected

25.2 RTM1 (custom)

affected

References

www.imaginationtech.com/gpu-driver-vulnerabilities/

cve.org (CVE-2025-58407)

nvd.nist.gov (CVE-2025-58407)

Download JSON