Imagination Technologies GPU Driver Memory Access Vulnerability Allowing Write Permissions to Read-Only Memory

A vulnerability exists in Imagination Technologies GPU drivers, specifically in the GPU Device Driver Kit (DDK) releases up to and including 25.1 RTM2. This vulnerability allows software running as a non-privileged user to make improper GPU system calls that gain write access to read-only user-mode memory and files. The issue arises from inadequate management of memory protection for user-mode wrapped memory resources.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of read-only memory, potentially allowing for the manipulation of memory contents in a way that could disrupt normal application or system behavior.

Remediation

The DDK kernel module has been updated to correct the improper handling of GPU system calls, ensuring that wrapped user-mode memory is not exported with conflicting access permissions. Users should update to the latest DDK version that includes this fix.