Imagination Technologies WebGPU-Related Write Use-After-Free Vulnerability in GPU GLES User-Space Shared Library

Vulnerability

A write use-after-free vulnerability has been identified in the Imagination Technologies GPU driver development kit (DDK) version 25.3 RTM and prior. This vulnerability arises when a web page containing unusual WebGPU shader code is processed by the GPU compiler. The irregular shader content can trigger a crash in the shader compiler library by manipulating memory references, creating a use-after-free condition. On certain platforms, if the compiler process has system privileges, this vulnerability could be exploited to execute further attacks on the device.

Impact

Exploitation of this vulnerability causes a write use-after-free crash in the GPU GLES user-space shared library. On platforms where the graphics workload process has system privileges, it could also lead to additional exploits on the device.

Reproduction

To reproduce this vulnerability, load a web page with atypical WebGPU content into a browser that uses the affected GPU driver. The unusual shader code should be crafted to disrupt the normal processing of WebGPU shaders, causing the GPU compiler to mishandle memory references. This can be achieved by creating shaders that include specific patterns or instructions known to trigger the vulnerability, such as those that cause consecutive barriers to be merged in a way that leaves the compiler managing memory allocation and deallocation incorrectly. Once the page is loaded, the GPU compiler process will crash, demonstrating the use-after-free vulnerability.

Remediation

Users can update to the latest version of the Imagination Technologies GPU DDK, which patches this vulnerability by managing WebGPU shader compilation safely to prevent memory mismanagement.

Added: May 1, 2026, 5:30 PM
Updated: May 1, 2026, 5:30 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 7.7
relevance: 7.2
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.