Imagination Technologies GPU DDK Kernel Module Arbitrary Physical Memory Write Vulnerability

A vulnerability exists in the Imagination Technologies GPU DDK kernel module, specifically in releases up to and including 25.3 RTM. This vulnerability allows malware to misuse the IOCTL interface of the DDK kernel module, enabling unauthorized writes to arbitrary physical memory pages. The issue arises from the product's concurrent use of shared resources without proper synchronization, potentially leading to corruption of memory pages used by the kernel and other drivers.

Impact

Exploitation of this vulnerability could cause arbitrary writes to physical memory, corrupting data pages not allocated by the GPU driver but used by the kernel and other drivers, thereby altering their behavior.

Remediation

The DDK kernel module has been updated to address this vulnerability by preventing unauthorized access to arbitrary physical memory pages. Users should update to the latest version of the DDK that includes this fix.