CVE-2025-58407 – GPU DDK – TOCTOU bug affecting psFWMemContext->uiPageCatBaseRegSet

CVE ID : CVE-2025-58407

Published : Nov. 17, 2025, 6:15 p.m. | 48 minutes ago

Description : Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or write of data outside the allotted memory escaping the virtual machine.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…