Improper GPU System Calls Vulnerability in Imagination Technologies Driver
CVE-2024-47900

7.8HIGH

Key Information:

Vendor

Imagination Technologies

Status
Graphics Ddk
Vendor
CVE Published:
31 January 2025

What is CVE-2024-47900?

The vulnerability allows software executed by a non-privileged user to perform inappropriate GPU system calls, resulting in unauthorized access to out-of-bounds kernel memory. This could potentially lead to further exploitation or system instability, emphasizing the need for immediate patching and vigilance from users of Imagination Technologies' GPU drivers.

Affected Version(s)

Graphics DDK Linux 1.15 RTM <= 24.3 RTM2

Graphics DDK Linux 25.1 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.