Imagination Technologies GPU Driver Arbitrary Memory Access Vulnerability

A vulnerability exists in the Imagination Technologies GPU driver that allows software running as a non-privileged user to make improper GPU system calls. This can lead to unauthorized reads and writes to arbitrary physical memory pages, including those used by the kernel and other drivers. The issue arises from inadequate validation of memory access requests, enabling potential data corruption and alteration of system behavior.

Impact

Exploitation of this vulnerability can cause instability in the operating system, including crashes and unexpected reboots, by disrupting normal kernel operations and memory management.

Reproduction

The vulnerability can be reproduced by running software that makes GPU system calls without the necessary privileges. This can be done by exploiting a misconfigured GPU memory reservation, which allows the application to access out-of-bounds memory. The improper commands can then be used to read from or write to physical memory pages that are not allocated by the GPU driver, but are instead used by the kernel or other drivers, leading to unauthorized data manipulation and potential system instability.

Remediation

Users can update to the latest version of the Imagination Technologies GPU driver, which includes patches to address this vulnerability by preventing improper access to physical memory. Instructions for updating the driver can be found on the Imagination Technologies website or through the Imagination Technologies support representative.