CVE-2026-22164

Vulnerability

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. This vulnerability, identified as CVE-2025-58411, affects DDK Releases up to and including 25.2 RTM [1]. The issue arises from mismanagement of resource reference counting, potentially creating a use-after-free scenario [1].

Exploitation

An attacker needs to run software as a non-privileged user. By creating resources of certain types and presenting a set of parameters to the affected interface, the exploit can be used to corrupt kernel memory. This involves causing mismanagement of reference counting, leading to a use-after-free scenario [1].

Impact

Successful exploitation allows an attacker to corrupt kernel memory, potentially leading to a use-after-free condition. This could result in denial-of-service or, in some scenarios, arbitrary code execution within the kernel context.

Mitigation

The DDK kernel module has been updated to address this improper use of GPU system calls to ensure that resources cannot prematurely free whilst references exist. DDK Releases up to and including 25.2 RTM are affected. A resolution is available in updated DDK releases [1].