Imagination Technologies GPU Driver Kernel Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the kernel module of the Imagination Technologies GPU Driver Development Kit (DDK), in releases up to and including 24.2 RTM2. Software running as a non-privileged user can issue improper GPU system calls that cause the kernel to access freed memory, raising kernel exceptions. The root cause is mismanagement of reference counts: kernel heap data can be read and written after it has been freed, potentially causing kernel crashes or instability.

Impact

Exploitation of this vulnerability can lead to kernel exceptions, causing crashes or instability in the system.

Reproduction

The vulnerability can be reproduced by running software in a Guest VM that sends improper commands to the GPU Firmware. This can be done by manipulating GPU system calls to create a race condition that triggers the use-after-free condition, allowing access to freed memory.

Remediation

The DDK kernel module has been updated to address the reference count mismanagement that allowed this vulnerability to occur.

Added: Jun 16, 2025, 12:20 PM
Updated: Jun 16, 2025, 12:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.6
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.