GPU Firmware Vulnerability in Guest Virtual Machines by Imagination Technologies
CVE-2024-52938

7.8HIGH

Key Information:

Vendor: Imagination Technologies
Status: Graphics Ddk
Vendor: CVE Published:; 13 January 2025

Summary

A vulnerability has been identified where kernel software operating within a Guest Virtual Machine (VM) can send improper commands to the GPU firmware. This flaw may compromise the integrity of reconstruction activities, potentially allowing the Guest VM to write data outside its allocated virtualized GPU memory. This could lead to unauthorized access or manipulation of data, highlighting a significant security concern for environments utilizing Imagination Technologies' GPU products.

Affected Version(s)

Graphics DDK Linux 1.15 RTM <= 24.2 RTM2

Graphics DDK Linux 24.3 RTM

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2025
Vulnerability Reserved
Nov 18, 2024