CVE-2025-13952 - Vulnerability Details - OpenCVE

A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Imaginationtech	Graphics Ddk

No data.

No data.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Mon, 26 Jan 2026 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 26 Jan 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Imaginationtech Imaginationtech graphics Ddk
Vendors & Products		Imaginationtech Imaginationtech graphics Ddk

Sat, 24 Jan 2026 02:45:00 +0000

Type	Values Removed	Values Added
Description		A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.
Title		GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP
Weaknesses		CWE-416
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2026-01-24T02:26:49.238Z

Updated: 2026-01-26T15:13:20.874Z

Reserved: 2025-12-03T11:48:53.858Z

Link: CVE-2025-13952

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-01-24T03:16:00.360

Modified: 2026-01-26T16:15:57.743

Link: CVE-2025-13952

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13952", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2025-12-03T11:48:53.858Z", "datePublished": "2026-01-24T02:26:49.238Z", "dateUpdated": "2026-01-26T15:13:20.874Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Linux", "Android"], "product": "Graphics DDK", "vendor": "Imagination Technologies", "versions": [{"status": "unaffected", "version": "1.17 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "1.18 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "23.2 RTM", "versionType": "custom"}, {"lessThanOrEqual": "24.2 RTM", "status": "unaffected", "version": "24.1 RTM", "versionType": "custom"}, {"lessThanOrEqual": "25.2 RTM", "status": "affected", "version": "25.1 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "25.3 RTM", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.<br><br>The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.<br>"}], "value": "A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device.\n\nThe shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object."}], "impacts": [{"capecId": "CAPEC-129", "descriptions": [{"lang": "en", "value": "CAPEC - CAPEC-129: Pointer Manipulation (Version 3.9)"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE - CWE-416: Use After Free (4.18)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2026-01-24T02:26:49.238Z"}, "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "title": "GPU DDK - libusc UAF via WebGPU shaders at MergeConsecutiveBarriersBP", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-26T15:11:28.356805Z", "id": "CVE-2025-13952", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-26T15:13:20.874Z"}}]}}