Imagination Technologies GPU Driver Out-of-Bounds Write Vulnerability Allowing Memory Corruption

Vulnerability

A vulnerability exists in the GPU driver provided by Imagination Technologies, specifically in the Graphics Processing Unit (GPU) Driver Development Kit (DDK) version 24.3 and earlier. Kernel software running inside a Guest Virtual Machine (VM) can exploit memory shared with the GPU firmware to perform unauthorized writes of data outside the Guest's virtualized GPU memory, potentially corrupting kernel memory or read-only system files.

Impact

Exploitation of this vulnerability causes out-of-bounds writes to the kernel memory heap, leading to memory corruption. In some cases, this can cause a denial-of-service by triggering a system out-of-memory condition or crashing the GPU firmware, which freezes graphics output.

Reproduction

The vulnerability can be reproduced by sending improper commands from the kernel software in a Guest VM to the GPU firmware, manipulating the memory shared with the GPU so that data is written outside the allocated virtualized GPU memory. The exploitation relies on specific DDK functions that do not properly validate user-mode parameters, allowing arbitrary writes to physical memory.

Remediation

Users can update to the latest version of the Imagination Technologies GPU DDK, which includes patches to prevent the out-of-bounds writes by properly managing memory access and ensuring that GPU virtual mappings are removed when no longer needed.
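
The missing parameter validation described under Reproduction comes down to a range check on values the guest controls, applied to a private copy of the request rather than to the shared memory itself. The C code below is an added example, not code from the Imagination DDK or from this advisory; the structure names, the request layout and the 64-byte test pool are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; this is not Imagination DDK code. */
struct guest_window { uint8_t *base; uint64_t size; }; /* one guest's carve-out */
struct write_req { uint64_t offset, length; };         /* written by the guest */

/* Overflow-safe: never computes offset+length, which can wrap around. */
bool range_in_window(uint64_t size, uint64_t offset, uint64_t length)
{
    return length != 0 && offset <= size && length <= size - offset;
}

/* Returns 0 if the write was performed, -1 if the request was rejected. */
int handle_write(const struct guest_window *win, const uint8_t *payload,
                 uint64_t payload_len, const volatile struct write_req *shared)
{
    /* Read the shared request once: the guest can rewrite it at any time,
     * so only this private copy is validated and used. */
    struct write_req req = { shared->offset, shared->length };
    if (req.length > payload_len ||
        !range_in_window(win->size, req.offset, req.length))
        return -1;
    memcpy(win->base + req.offset, payload, (size_t)req.length);
    return 0;
}

/* Constructed scenario: a 64-byte pool where the guest owns bytes 16..47.
 * Returns how many bytes differ from "window zeroed, neighbours untouched". */
int demo_unexpected_bytes(void)
{
    uint8_t pool[64], data[32] = { 0 };
    struct guest_window win = { pool + 16, 32 };
    struct write_req reqs[] = {
        { 0, 32 },             /* fills the window exactly: accepted */
        { 24, 16 },            /* runs 8 bytes past the end: rejected */
        { UINT64_MAX - 3, 8 }, /* offset+length wraps to 4: rejected */
        { 40, 4 },             /* starts beyond the window: rejected */
    };
    int changed = 0;
    memset(pool, 0xAA, sizeof pool);
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        handle_write(&win, data, sizeof data, &reqs[i]);
    for (size_t i = 0; i < sizeof pool; i++)
        changed += (i < 16 || i >= 48) ? pool[i] != 0xAA : pool[i] != 0x00;
    return changed;
}

int main(void) { return demo_unexpected_bytes() != 0; }
```

The third request is the case a naive `offset + length <= size` comparison accepts, because the sum wraps around to 4.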

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 3.1
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.