Imagination Technologies GPU Driver Arbitrary Memory Write Vulnerability

A vulnerability exists in Imagination Technologies GPU drivers, specifically in the DDK releases up to and including 25.2 RTM. This vulnerability allows software running as a non-privileged user to make improper GPU system calls that manipulate GPU hardware. The exploitation of this vulnerability could lead the GPU to write to arbitrary physical memory pages, potentially corrupting data pages used by the kernel and other drivers, and disrupting their normal functions. Additionally, this vulnerability could cause the GPU to alter restricted internal buffers, leading to further corruption of physical memory.

Impact

Exploitation of this vulnerability could result in arbitrary writes to physical memory, allowing for corruption of kernel and driver data, and disruption of normal system behavior.

Remediation

The DDK kernel module has been updated to prevent unauthorized access to arbitrary physical memory pages. Users should update to the latest version of the GPU driver DDK.