Imagination Technologies GPU Driver Kernel Heap Corruption Vulnerability

A vulnerability exists in the Imagination Technologies GPU driver development kit (DDK) that allows software running as a non-privileged user to make improper GPU system calls. These calls can corrupt kernel heap memory by mismanaging resource reference counting, creating a write use-after-free scenario. Under certain conditions, this exploitation can lead to unauthorized writes in the kernel memory, potentially altering the behavior of the operating system or other drivers.

Impact

Exploitation of this vulnerability can cause arbitrary writes to kernel memory, leading to corruption of kernel heap data. This could disrupt the normal functioning of the operating system or other drivers, causing unexpected behavior or system instability.

Remediation

The DDK kernel module has been updated to prevent corruption of kernel heap memory under the identified scenarios. Users should upgrade to the latest version of the DDK that includes this patch.