Imagination Technologies GPU Driver Out-of-Bounds Write Vulnerability Allowing Arbitrary Memory Access

A vulnerability exists in the GPU driver provided by Imagination Technologies, specifically in the Graphics Processing Unit (GPU) Driver Development Kit (DDK) version 24.2 RTM2 and earlier. This vulnerability allows kernel software running inside a Guest Virtual Machine (VM) to exploit memory shared with the GPU firmware. The exploitation can lead to writing data outside the virtualized GPU memory of the guest, potentially causing unauthorized access to physical memory or corruption of memory used by the kernel and other drivers.

Impact

Exploitation of this vulnerability can cause arbitrary writes to physical memory, including kernel memory, which can lead to memory corruption, unauthorized access to sensitive information, or disruption of system stability by causing crashes or freezes.

Reproduction

The vulnerability can be reproduced by running kernel software in a guest VM that sends commands to the GPU firmware, exploiting the shared memory to write data outside the guest's allocated GPU memory. This can be done by manipulating the GPU driver to create a misconfiguration that allows such memory access, particularly through sparse allocations or by exploiting uninitialized stack variables.

Remediation

Users can update to the latest version of the Imagination Technologies GPU DDK, which has been patched to prevent the out-of-bounds writes by introducing proper memory access controls.