Imagination Technologies GPU Driver TOCTOU Race Condition Vulnerability Allowing Memory Escaping from Guest VM

Vulnerability

A vulnerability exists in the GPU driver DDK releases up to and including 25.2 RTM, allowing kernel or driver software running on a Guest VM to exploit a time-of-check to time-of-use (TOCTOU) race condition. Exploitation can lead to unauthorized reading and/or writing of data outside the designated memory, effectively escaping the virtual machine's confines. The issue arises from improper handling of commands sent to the GPU firmware, particularly those referencing memory contexts that are not adequately validated at the time of use.

Impact

Exploitation of this vulnerability can cause out-of-bounds read and write operations in the shared kernel and firmware memory heap, leading to potential memory corruption and unauthorized access to sensitive information.

Remediation

The DDK firmware has been updated to validate GPU memory context at the time of use, preventing the TOCTOU race condition and its associated impacts.
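To make the check-versus-use gap concrete, here is an added illustration (not Imagination's DDK code, and not its real command format or data structures) that models a heap shared between kernel and firmware, carved into per-guest memory contexts. A guest-writable command is validated once at submission; a hook stands in for the race window in which a guest vCPU rewrites the command. The vulnerable path re-reads the guest's copy at use time and lands outside its context, while the hardened path snapshots the command into firmware-private memory and validates that snapshot at the point of use, which is the shape of the remediation described above. All names, sizes and offsets are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a kernel/firmware shared heap split into per-guest
 * memory contexts. Every identifier here is hypothetical. */
#define HEAP_SIZE 64
#define NUM_CTX   4
#define CTX_BYTES (HEAP_SIZE / NUM_CTX)

typedef struct {
    size_t base;    /* first heap offset this context may access */
    size_t limit;   /* bytes it may access starting at base */
    bool   valid;   /* still mapped for the submitting guest? */
} mem_ctx_t;

typedef struct {
    uint8_t   heap[HEAP_SIZE];
    mem_ctx_t ctx[NUM_CTX];
} fw_state_t;

/* Guest-submitted command living in guest-writable memory:
 * "store one byte at offset inside memory context ctx_id". */
typedef struct {
    unsigned ctx_id;
    size_t   offset;
    uint8_t  value;
} gpu_cmd_t;

void fw_init(fw_state_t *fw)
{
    for (size_t i = 0; i < HEAP_SIZE; i++) fw->heap[i] = 0;
    for (unsigned i = 0; i < NUM_CTX; i++) {
        fw->ctx[i].base  = i * CTX_BYTES;   /* ctx 0: 0..15, ctx 1: 16..31, ... */
        fw->ctx[i].limit = CTX_BYTES;
        fw->ctx[i].valid = true;
    }
}

/* Validation rule: context exists, is mapped, and offset lies inside it. */
static bool ctx_allows(const fw_state_t *fw, const gpu_cmd_t *cmd)
{
    if (cmd->ctx_id >= NUM_CTX) return false;
    const mem_ctx_t *c = &fw->ctx[cmd->ctx_id];
    return c->valid && cmd->offset < c->limit;
}

/* Stand-in for the window between check and use in which a guest vCPU can
 * rewrite a command the firmware has already validated. */
typedef void (*race_hook_t)(fw_state_t *fw, gpu_cmd_t *cmd);

void guest_bumps_offset(fw_state_t *fw, gpu_cmd_t *cmd)
{
    (void)fw;
    cmd->offset = 40;   /* beyond ctx 0's 16-byte window, inside ctx 2's */
}

/* Vulnerable pattern: validate once, then re-read the guest copy at use. */
int execute_toctou(fw_state_t *fw, gpu_cmd_t *cmd, race_hook_t between)
{
    if (!ctx_allows(fw, cmd)) return -1;                    /* time of check */
    if (between) between(fw, cmd);                          /* race window */
    size_t addr = fw->ctx[cmd->ctx_id].base + cmd->offset;  /* time of use */
    if (addr >= HEAP_SIZE) return -2;   /* keeps the model itself in bounds */
    fw->heap[addr] = cmd->value;
    return (int)addr;
}

/* Hardened pattern: snapshot into firmware-private memory and validate the
 * snapshot at the point of use, so check and use cannot diverge. */
int execute_validated(fw_state_t *fw, gpu_cmd_t *cmd, race_hook_t between)
{
    if (!ctx_allows(fw, cmd)) return -1;
    if (between) between(fw, cmd);
    gpu_cmd_t local = *cmd;                     /* copy out of guest memory */
    if (!ctx_allows(fw, &local)) return -3;     /* validate at time of use */
    size_t addr = fw->ctx[local.ctx_id].base + local.offset;
    fw->heap[addr] = local.value;
    return (int)addr;
}

/* Runs one scenario; returns the heap offset written or a negative code. */
int scenario(bool hardened, bool with_race)
{
    fw_state_t fw;
    fw_init(&fw);
    gpu_cmd_t cmd = { .ctx_id = 0, .offset = 3, .value = 0xAA };
    race_hook_t hook = with_race ? guest_bumps_offset : NULL;
    return hardened ? execute_validated(&fw, &cmd, hook)
                    : execute_toctou(&fw, &cmd, hook);
}

int main(void)
{
    printf("toctou, raced:    wrote offset %d (ctx 0 owns 0..15)\n", scenario(false, true));
    printf("validated, raced: %d (rejected at time of use)\n", scenario(true, true));
    return 0;
}
```

The important design point is not the second check by itself but that the hardened path validates and then uses the same private copy; re-validating the guest-writable command and then dereferencing it again would reopen the window.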

Added: Nov 17, 2025, 6:21 PM
Updated: Nov 17, 2025, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 2.4
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.