Imagination Technologies GPU DDK
Moderate fix1 remedy
cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*
Moderate fix1 remedy
- <= 24.2 RTM2
- <= 24.3 RTM
Imagination Technologies GPU Driver Use-After-Free Vulnerability in Guest VMs
Vulnerability
Patched
A use-after-free vulnerability has been identified in the GPU driver developed by Imagination Technologies. This issue affects software running as a non-privileged user within a Guest virtual machine, specifically in DDK Releases up to and including 24.3 RTM. The vulnerability arises from improper GPU system calls that trigger reads of stale data, including handles to resources with unbalanced reference counts. This mismanagement can lead to kernel exceptions and unauthorized writes, creating a use-after-free condition.
Impact
Exploitation of this vulnerability causes kernel exceptions related to use-after-free conditions, which can lead to memory corruption and potential arbitrary code execution in the kernel context.
Remediation
The DDK kernel module has been updated to address this vulnerability by correcting the improper management of GPU system calls, preventing access to stale data that could lead to use-after-free conditions.
Added: Dec 1, 2025, 12:16 PM
Updated: Dec 1, 2025, 6:19 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
3.3remediation
7.7relevance
1.3threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.