Imagination Technologies GPU Driver Use-After-Free Vulnerability in Kernel

A use-after-free vulnerability has been identified in the GPU driver from Imagination Technologies. This issue affects software installed and run as a non-privileged user, which can make improper GPU system calls that lead to use-after-free exceptions in the kernel. The vulnerability is present in DDK Releases up to and including 24.3 RTM.

Impact

Exploitation of this vulnerability causes use-after-free exceptions in the kernel, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by running software as a non-privileged user that makes improper GPU system calls. This can be done by creating a program that interacts with the GPU driver and sends commands that trigger the use-after-free condition. The vulnerability can also be reproduced by using a GPU compute kernel that accesses freed memory, which can be facilitated by manipulating the reference counts of certain objects in the driver.

Remediation

Users can update to the latest version of the Imagination Technologies GPU driver, which includes patches for this vulnerability. Instructions for updating the driver can be found on the Imagination Technologies website or by contacting their support team.