Imagination Technologies GPU Driver Kernel Memory Corruption Vulnerability

A vulnerability exists in the Imagination Technologies GPU driver that allows software running as a non-privileged user to make improper system calls to the GPU. This can lead to corruption of the kernel's system memory. The issue is present in the GPU DDK releases up to and including 24.3.

Impact

Exploitation of this vulnerability causes corruption of the kernel's system memory, which can lead to system instability and crashes.

Reproduction

The vulnerability can be reproduced by running software that makes improper GPU system calls from a non-privileged user account. This can be done by creating a program that interacts with the GPU driver in a way that bypasses normal memory management safeguards, such as using the DevmemIntChangeSparse remap mode to access freed memory or exploiting integer overflow vulnerabilities to create out-of-bounds memory writes.

Remediation

Users can update to the latest version of the Imagination Technologies GPU driver, which includes patches for this vulnerability. Instructions for updating the driver can be found on the Imagination Technologies website.