Imagination Technologies GPU Driver Out-of-Bounds Write Vulnerability Allowing Platform Instability

A vulnerability exists in the GPU driver from Imagination Technologies, specifically in the GPU DDK, that allows software running as a non-privileged user to perform improper GPU system calls. This mismanagement can lead to out-of-bounds writes in kernel memory, causing platform instability and unexpected reboots. The issue arises from integer overflows in memory management functions, which can be exploited to write outside the allocated memory boundaries, particularly in virtualized environments.

Impact

Exploitation of this vulnerability can cause kernel memory corruption, leading to system crashes or instability. In virtualized environments, this can disrupt the operation of guest virtual machines.

Reproduction

The vulnerability can be reproduced by running software that makes GPU system calls through the improper use of the PowerVR GPU Driver. This can be done by creating a graphics application that manipulates GPU memory management functions, particularly those related to sparse allocations or physical memory reservations. The application should be executed in a virtualized environment as a non-privileged user, where it can exploit the GPU driver's mismanagement of memory references to perform out-of-bounds writes.

Remediation

Users can update to the latest version of the Imagination Technologies GPU driver, where this vulnerability has been addressed by introducing protections to prevent out-of-bounds writes from occurring.