Imagination Technologies WebGPU Content-Triggered Write Use-After-Free Vulnerability in GPU GLES Render Process

A write use-after-free vulnerability has been identified in the GPU GLES user-space shared library of Imagination Technologies. This vulnerability is triggered by a web page containing unusual WebGPU content, which is loaded into the GPU GLES render process. The improper handling of this content can cause a crash in the shared library. On certain platforms, if the process executing the graphics workload has system privileges, this vulnerability could be exploited to perform further actions on the device.

Impact

Exploitation of this vulnerability leads to a write use-after-free condition, causing a crash in the GPU GLES user-space shared library. However, on platforms where the process has system privileges, this could be leveraged for additional exploits on the device.

Reproduction

To reproduce this vulnerability, a web page must be created that includes non-standard WebGPU content or shaders. When this page is rendered, the GPU GLES process will mishandle the WebGPU data, leading to a use-after-free condition. This can be done by injecting the unusual content into a WebGPU-enabled application or environment.

Remediation

The DDK GLES user-space shared library has been updated to properly manage unusual WebGPU execution patterns, preventing disruptions in the rendering process. Users should ensure they are using a version of the DDK that includes this update.