Guest VM Memory Exploit in Imagination Technologies GPU Firmware
CVE-2024-46975

Currently unrated

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 22 February 2025

Summary

A vulnerability exists in the GPU Firmware from Imagination Technologies, allowing malicious kernel software within a Guest Virtual Machine (VM) to manipulate shared memory with the GPU. This exploit enables an attacker to write data into the virtualised GPU memory of another Guest VM, posing significant risks to data integrity and confidentiality across virtual environments.

Affected Version(s)

Graphics DDK Linux 1.15 RTM <= 24.3 RTM

Graphics DDK Linux 25.1 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Timeline

Vulnerability published
Feb 22, 2025
Vulnerability Reserved
Sep 16, 2024