Guest VM Memory Exploit in Imagination Technologies GPU Firmware
CVE-2024-46975

7.9HIGH

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 22 February 2025

🔔 Create Imagination Technologies Vulnerability Alert

What is CVE-2024-46975?

A vulnerability exists in the GPU Firmware from Imagination Technologies, allowing malicious kernel software within a Guest Virtual Machine (VM) to manipulate shared memory with the GPU. This exploit enables an attacker to write data into the virtualised GPU memory of another Guest VM, posing significant risks to data integrity and confidentiality across virtual environments.

Affected Version(s)

Graphics DDK Linux 1.15 RTM <= 24.3 RTM

Graphics DDK Linux 25.1 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Sep 16, 2024

JSON