Imagination Technologies GPU Driver Out-of-Bounds Write Vulnerability in DDK Releases through 24.2 RTM2

Vulnerability

A vulnerability exists in the GPU Device Driver Development Kit (DDK): the kernel in a Guest VM can send improper commands to the GPU firmware. These commands can disrupt memory reconstruction processes, leading to unauthorized data writes outside the Guest's virtualized GPU memory. The issue arises from unchecked block counts and reference count mismanagement, which allow exploitation of memory shared with the GPU firmware.

Impact

Exploitation of this vulnerability causes out-of-bounds writes to kernel memory. This can corrupt graphics memory and disrupt GPU operations, for example by freezing graphics output or causing platform instability and reboots.

Reproduction

The vulnerability can be reproduced by running software in a Guest VM that interacts with the GPU through the DDK. The improper commands are sent through memory shared with the GPU firmware, under the conditions that allow data to be overwritten outside the allocated virtual GPU memory.

Remediation

Users can update to the latest DDK version, which patches this vulnerability by introducing protections that prevent the out-of-bounds writes.
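
An illustration of the bug class named above (unchecked block counts and reference count mismanagement on memory shared with a less-trusted party), added here as an example; it is not Imagination's code and not taken from the DDK. All struct, field and constant names are hypothetical. The validator snapshots the command once, bounds the block range without wrap-around, and refuses to overflow a reference count.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: every name and size below is an assumption. */
#define MAX_REFCOUNT 0xFFFFu

struct shared_cmd {            /* lives in memory the guest can rewrite at any time */
    uint32_t first_block;
    uint32_t block_count;
};

struct guest_region {          /* trusted record of what the guest was allocated */
    uint32_t total_blocks;
    uint16_t *refcounts;       /* one counter per block */
};

enum cmd_status { CMD_OK = 0, CMD_BAD_RANGE = -1, CMD_REF_OVERFLOW = -2 };

/* Validate a command, then take one reference on every block it covers. */
int validate_and_ref(const volatile struct shared_cmd *shm, struct guest_region *gr)
{
    /* Snapshot once so the checks and the later use see the same values. */
    uint32_t first = shm->first_block;
    uint32_t count = shm->block_count;

    /* Written as a subtraction so that first + count can never wrap. */
    if (count == 0 || first >= gr->total_blocks || count > gr->total_blocks - first)
        return CMD_BAD_RANGE;

    /* Check every counter before changing any: a failure leaves no partial state. */
    for (uint32_t i = 0; i < count; i++)
        if (gr->refcounts[first + i] >= MAX_REFCOUNT)
            return CMD_REF_OVERFLOW;

    for (uint32_t i = 0; i < count; i++)
        gr->refcounts[first + i]++;
    return CMD_OK;
}

int main(void)
{
    uint16_t refs[8] = {0};                /* constructed sample state */
    struct guest_region gr = { 8, refs };
    struct shared_cmd cmd = { 6, 3 };      /* constructed: runs one block past the region */
    printf("status = %d\n", validate_and_ref(&cmd, &gr));
    return 0;
}
```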

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 3.6
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.