Imagination Technologies GPU Driver Guest VM Memory Vulnerability

A vulnerability exists in the Imagination Technologies GPU driver within the Guest VM environment, allowing kernel software to exploit shared memory with the GPU firmware. This exploitation can lead to unauthorized writing of data into another Guest's virtualized GPU memory. The issue arises from improper management of memory access, particularly in scenarios involving sparse allocations and non-CPU mappable memory pages.

Impact

Exploitation of this vulnerability could result in unauthorized access to and manipulation of virtualized GPU memory, potentially leading to memory corruption issues or interference with GPU operations.

Reproduction

The vulnerability can be reproduced by running kernel software in a Guest VM that exploits the improper handling of memory shared with the GPU firmware. This can be done by sending commands that take advantage of the memory access vulnerabilities, particularly targeting virtual memory areas that are misconfigured or not properly locked.

Remediation

Users should update to the latest version of the Imagination Technologies GPU driver, as the DDK kernel module has been revised to prevent this type of memory exploitation.