GPU Firmware Exploitation in Virtualized Environments by Guest VM Kernel
CVE-2024-12577

Currently unrated

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 22 February 2025

Summary

A vulnerability exists where kernel software running inside a Guest VM can exploit shared memory with the GPU Firmware. This flaw could allow the kernel to write data beyond the confines of the Guest's virtualised GPU memory, posing significant security risks to the integrity of the host system and other virtual machines.

Affected Version(s)

Graphics DDK Linux 1.15 RTM <= 24.3 RTM

Graphics DDK Linux 25.1 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Dec 12, 2024