Imagination Technologies GPU Driver Out-of-Bounds Read Vulnerability Allowing Memory Access Outside Guest VM

A vulnerability exists in the GPU driver of Imagination Technologies that allows kernel software running in a Guest VM to send improper commands to the GPU firmware. This can result in reading or writing data outside the virtualized GPU memory allocated to the guest. The issue arises from mismanagement of memory access, particularly with physical memory pages that have been freed or are not properly synchronized.

Impact

Exploitation of this vulnerability can lead to unauthorized access to physical memory, allowing for reading or writing of data that could disrupt normal system operations or compromise sensitive information.

Reproduction

The vulnerability can be reproduced by running kernel software in a Guest VM that interacts with the GPU driver. The software can exploit the vulnerability by sending commands that manipulate memory access, particularly targeting freed physical memory pages or bypassing memory protection mechanisms.

Remediation

Users can update to the latest version of the Imagination Technologies GPU driver, which includes patches for this vulnerability. Instructions for updating the driver can be found on the Imagination Technologies website.