CVE-2025-0468

HIGH Year: 2025
CVSS v3 Score
7.1
High
Weakness Type
CWE-280
View all →

Vulnerability Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour.

Related Vulnerabilities

CVE-2022-27167

HIGH
CVSS:7.1(High)

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ...

CWE-2802022

CVE-2023-0181

HIGH
CVSS:7.1(High)

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and dat...

CWE-2802023

CVE-2024-12430

HIGH
CVSS:7.0(High)

An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-1242...

CWE-2802024

CVE-2020-8219

HIGH
CVSS:7.2(High)

An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.

CWE-2802020

CVE-2023-41972

HIGH
CVSS:7.3(High)

In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.

CWE-2802023

CVE-2023-32489

MEDIUM
CVSS:6.7(Medium)

Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, to bypass mode protections and gain ...

CWE-2802023