Imagination Technologies GPU Driver Out-of-Bounds Write Vulnerability Allowing Arbitrary Memory Access

A vulnerability exists in the GPU driver provided by Imagination Technologies, specifically in the Graphics Processing Unit (GPU) Driver Development Kit (DDK) version 24.2 RTM2 and prior. This vulnerability allows kernel software running inside a Guest Virtual Machine (VM) to exploit memory shared with the GPU firmware. The exploitation can lead to writing data outside the Guest's virtualized GPU memory, potentially causing unauthorized access to physical memory or corruption of memory used by the kernel and other drivers.

Impact

Exploitation of this vulnerability can cause out-of-bounds writes to kernel memory, leading to memory corruption, unauthorized access to physical memory pages, or interference with the normal operation of the GPU, such as freezing graphics output.

Reproduction

The vulnerability can be reproduced by running kernel software in a Guest VM that sends commands to the GPU firmware, exploiting the shared memory to write data outside the allocated virtual GPU memory. This can be done by manipulating the memory access patterns to target specific areas of the physical memory that are not properly protected.

Remediation

Users can update to the DDK version 24.3 or later, where this vulnerability has been addressed by introducing protections that prevent the out-of-bounds writes from occurring.