Imagination Technologies GPU Driver Use-After-Free Vulnerability via Improper Memory Management in Sparse Allocations

A use-after-free vulnerability has been identified in the Imagination Technologies GPU Driver Development Kit (DDK) releases starting from 24.2 RTM2 up to and including 26.1 RTM1. This vulnerability allows software running as a non-privileged user to make improper GPU system calls, leading to mismanagement of memory mappings for sparse allocations. The issue arises because mathematical operations are incorrectly scaled across buffers of varying sizes, causing the product to reference incorrect memory.

Impact

Exploitation of this vulnerability creates a write use-after-free scenario, where memory that has already been freed is accessed and modified, potentially leading to memory corruption or arbitrary code execution.

Reproduction

To reproduce this vulnerability, a non-privileged user can send GPU system calls that manipulate sparse memory allocations. The improper scaling of mathematical operations across buffers of different sizes will cause the GPU to reference the wrong memory, disrupting the mapping state and creating a use-after-free condition.

Remediation

The DDK kernel module has been updated to address this vulnerability by correcting the management of GPU system calls related to sparse memory allocations, ensuring that resources are properly referenced and not prematurely freed.