Imagination Technologies GPU Driver Out-of-Bounds Write Vulnerability Allowing Arbitrary Memory Access

An out-of-bounds write vulnerability has been identified in the GPU driver of Imagination Technologies. This issue allows kernel software running inside a guest virtual machine to send improper commands to the GPU firmware, triggering writes of data outside the guest's virtualized GPU memory. The vulnerability arises from mismanagement of memory access, particularly in how the GPU driver handles physical memory references, creating opportunities for unauthorized memory manipulation.

Impact

Exploitation of this vulnerability leads to unauthorized writes to physical memory, potentially overwriting critical data and causing system instability.

Reproduction

The vulnerability can be reproduced by executing GPU compute kernels from within a guest virtual machine that improperly manage memory references. This can be done by sending commands that exploit the driver's handling of physical memory, particularly through the DevmemIntChangeSparse remap mode, which can be configured to access out-of-bounds memory areas.

Remediation

Users can update to the latest version of the Imagination Technologies GPU driver, where this vulnerability has been addressed by introducing protections that prevent out-of-bounds writes to memory pages.