GPU Firmware Vulnerability in Guest Virtual Machines by Imagination Technologies
CVE-2024-52938

7.8HIGH

Key Information:

Vendor

Imagination Technologies

Status
Graphics Ddk
Vendor
CVE Published:
13 January 2025

What is CVE-2024-52938?

A vulnerability has been identified where kernel software operating within a Guest Virtual Machine (VM) can send improper commands to the GPU firmware. This flaw may compromise the integrity of reconstruction activities, potentially allowing the Guest VM to write data outside its allocated virtualized GPU memory. This could lead to unauthorized access or manipulation of data, highlighting a significant security concern for environments utilizing Imagination Technologies' GPU products.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Graphics DDK Linux 1.15 RTM <= 24.2 RTM2

Graphics DDK Linux 24.3 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.