Imagination Technologies GPU Driver Arbitrary Read/Write Vulnerability in DMA Buffers

An arbitrary read/write vulnerability has been identified in the GPU driver of Imagination Technologies. This issue allows software running as a non-privileged user to perform improper read and write operations on imported or exported Direct Memory Access (DMA) buffers. The vulnerability arises from inadequate validation of memory access, enabling potential exploitation through manipulated DMA buffer references.

Impact

Exploitation of this vulnerability could lead to unauthorized read and write operations on physical memory, allowing for manipulation of kernel memory or interference with other processes.

Reproduction

The vulnerability can be reproduced by running a non-privileged user application that interacts with the GPU via the Imagination GPU Direct Driver. The application can exploit the vulnerability by sending commands that improperly reference DMA buffers, bypassing normal memory access controls.

Remediation

Users can update to the latest version of the Imagination GPU Driver Development Kit (DDK), which includes patches for this vulnerability. Instructions for updating the driver can be found on the Imagination Technologies website.