GPU Firmware Exploitation in Virtualized Environments by Guest VM Kernel
CVE-2024-12577

7.3HIGH

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 22 February 2025

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2024-12577?

A vulnerability exists where kernel software running inside a Guest VM can exploit shared memory with the GPU Firmware. This flaw could allow the kernel to write data beyond the confines of the Guest's virtualised GPU memory, posing significant security risks to the integrity of the host system and other virtual machines.

Affected Version(s)

Graphics DDK Linux 1.15 RTM <= 24.3 RTM

Graphics DDK Linux 25.1 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Dec 12, 2024

JSON