Every CVE whose affected-product data names Imaginationtech Ddk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2025-13952 — CVSS 9.8 (critical): A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free…
CVE-2026-21732 — CVSS 9.6 (critical): A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash…
CVE-2025-25176 — CVSS 9.1 (critical): Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure…
CVE-2025-58411 — CVSS 8.8 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference…
CVE-2025-0467 — CVSS 8.2 (high): Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's…
CVE-2026-22165 — CVSS 8.1 (high): A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES…
CVE-2026-22166 — CVSS 8.1 (high): A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES…
CVE-2026-22167 — CVSS 7.8 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical…
CVE-2025-25179 — CVSS 7.8 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical…
CVE-2025-10865 — CVSS 7.8 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of reference counting to…
CVE-2026-22163 — CVSS 7.8 (high): Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows…
CVE-2026-45195 — CVSS 7.8 (high): Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write…
CVE-2026-21734 — CVSS 7.7 (high): A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash…
CVE-2025-46709 — CVSS 7.5 (high): Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.
CVE-2025-58410 — CVSS 7.5 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers…
CVE-2025-58407 — CVSS 7.4 (high): Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and…
CVE-2023-4969 — CVSS 6.5 (medium): A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called…
CVE-2025-58408 — CVSS 5.9 (medium): Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to…
CVE-2025-46711 — CVSS 5.5 (medium): Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel…
CVE-2025-46707 — CVSS 5.2 (medium): Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.
CVE-2026-21736 — CVSS 4.4 (medium): Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped…
CVE-2025-46708 — CVSS 4.3 (medium): Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.
CVE-2025-58409 — CVSS 3.5 (low): Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical…