Imagination Technologies GPU Driver Arbitrary Memory Write Vulnerability

A vulnerability exists in Imagination Technologies GPU drivers, specifically in the GPU DDK, all releases up to and including 25.3 RTM. This vulnerability allows software running as a non-privileged user to make improper GPU system calls that can manipulate GPU resource management. This mismanagement can lead to unauthorized write operations on arbitrary physical memory pages, including those used by the kernel and other drivers, potentially disrupting their normal functions. The issue arises from certain GPU registers being accessible to non-secure applications, which can be exploited to overwrite memory pages not allocated by the GPU driver.

Impact

Exploitation of this vulnerability could corrupt arbitrary physical memory, including data pages used by the kernel and other drivers, leading to unintended changes in their behavior.

Remediation

The DDK kernel module has been updated to address this vulnerability by preventing unauthorized access to arbitrary physical memory pages. Users should update to the latest DDK version that includes this fix.