CVE-2025-10865

7.8 HIGH

📋 TL;DR

CVE-2025-10865 is a use-after-free vulnerability in Imagination Technologies GPU drivers: improper reference counting may allow a non-privileged user to exploit GPU system calls, which could lead to memory corruption and system instability. Systems running a vulnerable version of the Imagination GPU driver are affected.

💻 Affected Systems

Products:
  • Imagination Technologies GPU drivers
Versions: Specific vulnerable versions not specified in CVE description
Operating Systems: Linux, Android, Other systems using Imagination GPU drivers
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where Imagination GPU drivers are installed and GPU acceleration is enabled. The vulnerability requires non-privileged user access to trigger.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to arbitrary code execution with kernel privileges, potentially allowing attackers to install persistent malware or exfiltrate sensitive data.

🟠 Likely Case

System crashes, denial of service, or limited privilege escalation within the GPU context, potentially allowing escape from containerized environments.

🟢 If Mitigated

Application crashes or instability without privilege escalation if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: LOW - This vulnerability requires local access or code execution on the target system, making direct internet exploitation unlikely.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised user accounts could exploit this vulnerability to escalate privileges or cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of GPU memory management and driver internals. The vulnerability requires local access or ability to execute code on the target system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Imagination Technologies security advisory for specific patched versions

Vendor Advisory: https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Restart Required: Yes

Instructions:

1. Visit the Imagination Technologies security advisory page.
2. Identify affected driver versions.
3. Download and install the latest patched driver version.
4. Reboot the system to ensure driver changes take effect.

🔧 Temporary Workarounds

Disable GPU acceleration for untrusted users

linux

Restrict GPU access to trusted users only to prevent exploitation

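# Linux: Restrict GPU device access to owner and group
# (device-node permissions are recreated at boot, so a plain chmod does not persist)
chmod 660 /dev/dri/renderD*
# Linux: Use cgroups to restrict GPU access
# (the "devices" controller exists on cgroup v1 only; -t takes <user>:<group>)
cgcreate -g devices:gpu -t username:groupname
# Add appropriate device restrictions to cgroup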
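
To check the result of the device-permission workaround above, the following audit script is an added example (not from the vendor advisory or the original page). It assumes GNU `stat` and DRM render nodes named `renderD*` as on the page; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit GPU render-node permissions after "chmod 660".
# Assumptions: GNU stat (coreutils), render nodes named renderD* under /dev/dri.

# Print one line per render node under $1 (default /dev/dri):
#   EXPOSED <path> <mode> <owner>:<group>   "other" has read or write access
#   OK      <path> <mode> <owner>:<group>   access limited to owner/group
# Returns 0 if no node is exposed, 1 if at least one is, 2 if none were found.
audit_render_nodes() {
    local dir node mode owner other found exposed
    dir="${1:-/dev/dri}"; found=0; exposed=0
    for node in "$dir"/renderD*; do
        [ -e "$node" ] || continue           # glob matched nothing
        found=1
        mode=$(stat -c '%a' "$node")         # octal mode, e.g. 666
        owner=$(stat -c '%U:%G' "$node")
        other=$(( mode % 10 ))               # last octal digit = "other" bits
        case "$other" in
            0|1) echo "OK $node $mode $owner" ;;
            *)   echo "EXPOSED $node $mode $owner"   # r (4) and/or w (2) set
                 exposed=1 ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "no render nodes under $dir" >&2
        return 2
    fi
    return "$exposed"
}

# After chmod 660, access is decided by group membership. List the
# supplementary members of the group that owns a node (users whose
# primary group it is are not shown by getent's member field).
node_group_members() {
    local group
    group=$(stat -c '%G' "$1") || return 1
    getent group "$group" | cut -d: -f4
}
```

Call `audit_render_nodes` with no argument to check `/dev/dri`, and re-run it after a reboot to confirm the restriction is still in place.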

Implement strict privilege separation

linux

Ensure applications run with minimal privileges and proper sandboxing

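# Use namespaces and capabilities to restrict access
# Drop every capability and block privilege gain; do not add CAP_SYS_ADMIN back,
# since it restores most of the privileges that --cap-drop=ALL removes
podman run --security-opt=no-new-privileges --cap-drop=ALL image
# Or use Docker with similar restrictions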

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can run GPU-accelerated applications
  • Monitor system logs for unusual GPU-related activity and implement application allowlisting

🔍 How to Verify

Check if Vulnerable:

Check GPU driver version and compare against Imagination Technologies security advisory. Use 'lspci -k' to identify GPU and driver information on Linux systems.

Check Version:

# Linux: Check GPU driver version
modinfo -F version [driver_module_name]
# Or check package manager for driver version
dpkg -l | grep imagination
rpm -qa | grep imagination

Verify Fix Applied:

Verify driver version has been updated to patched version. Test GPU functionality to ensure patch doesn't break required functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual GPU system calls from non-privileged users
  • GPU driver crash logs or kernel oops messages
  • Multiple failed GPU memory allocation attempts

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

source="kernel" AND ("GPU" OR "dri" OR "render") AND ("crash" OR "panic" OR "oops")
