Imagination Technologies GPU Driver Use-After-Free Vulnerability in Kernel

A use-after-free vulnerability has been identified in the GPU driver from Imagination Technologies. This issue arises when software, running as a non-privileged user, makes improper GPU system calls. These calls can trigger use-after-free exceptions in the kernel, leading to potential memory corruption or exploitation.

Impact

Exploitation of this vulnerability causes use-after-free exceptions in the kernel, which can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by running software that makes improper GPU system calls while the GPU driver is active. This can be done by creating a program that interacts with the GPU in a way that bypasses normal memory management, such as by manipulating reservation objects or using certain IOCTL calls that the driver does not properly validate.

Remediation

The DDK kernel module has been updated to address this vulnerability by correcting the improper use of GPU system calls that allowed the exploitation to occur.