Imagination Technologies GPU Driver Out-of-Bounds Write Vulnerability Allowing Arbitrary Memory Access

A vulnerability exists in the GPU driver of Imagination Technologies, specifically within the Graphics Processing Unit (GPU) Driver Development Kit (DDK) version 24.2 RTM2 and prior releases. This vulnerability allows kernel software running inside a Guest Virtual Machine (VM) to send improper commands to the GPU firmware. As a result, it can write data outside the Guest's virtualized GPU memory, potentially leading to unauthorized access or corruption of memory.

Impact

Exploitation of this vulnerability allows for out-of-bounds writes to kernel memory, facilitated by improper GPU system calls. Such actions can overwrite critical data, disrupt normal operations, and potentially cause system instability or crashes.

Reproduction

To reproduce this vulnerability, load a Guest VM with a vulnerable version of the Imagination Technologies GPU driver. Within this VM, execute kernel software that can send commands to the GPU firmware. The driver will improperly handle these commands, allowing data to be written outside the allocated virtual GPU memory. This can be verified by checking for signs of memory corruption or unauthorized access to kernel memory.

Remediation

Users can update to the latest version of the Imagination Technologies GPU DDK, which includes patches to address this vulnerability by preventing the improper memory writes from occurring.