GPU DDK Vulnerabilities Allow Non-Privileged Users to Read and Write Freed Physical Memory


Two critical vulnerabilities have been identified in several versions of a widely used GPU Driver Development Kit (DDK). They affect systems built on a Unified Memory Architecture (UMA), where the CPU and GPU share the same physical memory, so a GPU that can address the wrong pages can reach system memory directly.

The first vulnerability, CVE-2024-47892, was disclosed on November 29, 2024.

It is a use-after-free (UAF) in the DDK's kernel memory management. The flaw lies in the PMRUnlockPhysAddressesOSMem function, which unlocks the physical addresses of memory resources backed by non-4KB pages.

Software running as a non-privileged user can issue GPU system calls that make the GPU read from, and write to, physical memory that has already been freed.

Because freed pages are returned to the system and handed out again, a regular user can reach physical memory pages that now belong to other processes or to the kernel. That exposes private data and, since the access is also a write, can be a step towards taking over the system. All DDK releases up to and including version 24.2 RTM1 are affected.

The DDK kernel module has been updated in response. The update extends the protection mechanisms that were originally introduced to counter improper use of GPU system calls.
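To make the failure mode concrete, here is an added example, written for this article and not taken from the DDK or its vendor, that models the bug class in a toy physical-page pool in C. The identifiers (pmr_t, pmr_unlock_phys_vulnerable, pmr_unlock_phys_hardened, gpu_map) and the reference-count discipline used as the fix are assumptions for illustration; the driver's real data structures and the actual patch are not shown here. The vulnerable unlock frees the backing frame as soon as the CPU-side lock count reaches zero even though a GPU mapping still points at it; the hardened unlock releases the frame only when neither a lock nor a mapping remains.

```c
/* Toy model of the bug class behind CVE-2024-47892: unlocking a memory resource's
 * physical pages frees them while the GPU can still address them.
 * Written for this article; not the DDK's code and not its fix. */
#include <stdio.h>
#include <string.h>

#define POOL_PAGES 8
#define PAGE_BYTES 64          /* toy frame size; the real bug concerns non-4KB pages */
#define NO_PAGE    (-1)

/* Simulated physical memory: frames plus an in-use flag per frame. */
static unsigned char pool[POOL_PAGES][PAGE_BYTES];
static int frame_used[POOL_PAGES];

/* A physical memory resource (PMR): one backing frame plus two reference counts,
 * lock_count for CPU-side physical-address locks, map_count for live GPU mappings. */
typedef struct { int frame; int lock_count; int map_count; } pmr_t;

/* A GPU mapping holds a raw frame number, as a GPU page-table entry would. */
typedef struct { int frame; } gpu_mapping_t;

static int frame_alloc(void) {
    for (int i = 0; i < POOL_PAGES; i++)
        if (!frame_used[i]) { frame_used[i] = 1; memset(pool[i], 0, PAGE_BYTES); return i; }
    return NO_PAGE;
}
static void frame_free(int f) { frame_used[f] = 0; }
int frame_in_use(int f) { return frame_used[f]; }

static void pmr_create(pmr_t *p) { p->frame = frame_alloc(); p->lock_count = 0; p->map_count = 0; }
static void pmr_lock_phys(pmr_t *p) { p->lock_count++; }
static gpu_mapping_t gpu_map(pmr_t *p) { gpu_mapping_t m = { p->frame }; p->map_count++; return m; }

/* Release the frame only when nothing, CPU lock or GPU mapping, can still reach it. */
static void pmr_try_release(pmr_t *p) {
    if (p->frame != NO_PAGE && p->lock_count == 0 && p->map_count == 0) {
        frame_free(p->frame);
        p->frame = NO_PAGE;
    }
}

/* Vulnerable unlock: the last CPU lock going away frees the frame, ignoring map_count.
 * p->frame keeps naming the freed frame, so the PMR and the GPU mapping both dangle. */
static void pmr_unlock_phys_vulnerable(pmr_t *p) {
    if (--p->lock_count == 0) frame_free(p->frame);   /* BUG: a GPU mapping is still live */
}

/* Hardened unlock: rejects unbalanced unlocks and defers the free to pmr_try_release. */
static int pmr_unlock_phys_hardened(pmr_t *p) {
    if (p->lock_count == 0) return -1;
    p->lock_count--;
    pmr_try_release(p);
    return 0;
}

static void gpu_unmap(pmr_t *p, gpu_mapping_t *m) { m->frame = NO_PAGE; p->map_count--; pmr_try_release(p); }

/* GPU-side read follows the frame number blindly: hardware page tables know nothing about
 * the driver's lifetime bookkeeping, which is what makes a stale frame readable. */
static const unsigned char *gpu_read(const gpu_mapping_t *m) { return pool[m->frame]; }

/* Scenario: user A locks and GPU-maps a PMR, then unlocks it. User B then creates a PMR,
 * which in the vulnerable case is handed A's freed frame, and writes private data into it.
 * Returns 1 if A's still-live GPU mapping now reads B's data, 0 otherwise; *a_frame_after
 * receives the frame number A's PMR still holds when the scenario ends. */
int run_scenario(int hardened, int *a_frame_after) {
    static const unsigned char secret[] = "user B private data";   /* constructed sample */
    memset(frame_used, 0, sizeof frame_used);
    pmr_t a, b;
    pmr_create(&a);
    pmr_lock_phys(&a);
    gpu_mapping_t m = gpu_map(&a);
    if (hardened) pmr_unlock_phys_hardened(&a); else pmr_unlock_phys_vulnerable(&a);

    pmr_create(&b);
    memcpy(pool[b.frame], secret, sizeof secret);
    int leaked = memcmp(gpu_read(&m), secret, sizeof secret) == 0;

    if (hardened) gpu_unmap(&a, &m);     /* the hardened path frees A's frame only here */
    *a_frame_after = a.frame;
    return leaked;
}

int main(void) {
    int f;
    printf("vulnerable unlock: GPU mapping reads another user's page: %s\n",
           run_scenario(0, &f) ? "yes" : "no");
    printf("hardened unlock:   GPU mapping reads another user's page: %s, frame released after unmap: %s\n",
           run_scenario(1, &f) ? "yes" : "no", f == NO_PAGE ? "yes" : "no");
    return 0;
}
```

Compile with `cc -std=c99 uaf_model.c && ./a.out`. The point the toy makes is that GPU page tables carry raw physical frame numbers and know nothing about the driver's lifetime bookkeeping, so any driver path that frees backing pages before the GPU mappings that reference them are torn down is a cross-process read and write primitive on a UMA system.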


Vulnerability in PowerVR component of the GPU DDK (CVE-2024-43704)

The PowerVR component of the GPU Driver Development Kit (DDK) has a second vulnerability, CVE-2024-43704, which likewise affects versions up to and including 24.2 RTM1.

This issue lies in the PVRSRVAcquireProcessHandleBase function. The driver associates a per-process handle base with the Process ID (PID); when the operating system recycles a PID, the new process holding that PID can be handed the handle base of the earlier process, so process handles are reused across unrelated processes.
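The lookup-by-recycled-identifier bug class described above, as an added C example written for this article (not DDK code, and not the vendor's fix). The identifiers acquire_base_vulnerable and acquire_base_hardened, the handle table layout, and the per-process generation counter are all assumptions for illustration; the generation counter stands in for a process identity the OS never recycles, such as a reference to the kernel's process object or the process start time, which is one common way to make such lookups safe.

```c
/* Toy model of the bug class behind CVE-2024-43704: a driver finds a per-process handle
 * base by numeric PID, so a new process that receives a recycled PID inherits the stale base.
 * Written for this article; not the DDK's PVRSRVAcquireProcessHandleBase. */
#include <stdio.h>
#include <string.h>

#define MAX_PROCS   4
#define MAX_HANDLES 4

/* Simulated OS process identity: a recyclable numeric pid plus a creation sequence number
 * that is never reused (assumption standing in for a non-recyclable kernel identity). */
typedef struct { int pid; unsigned long gen; } task_t;

static unsigned long next_gen = 1;
static task_t task_spawn(int pid) { task_t t = { pid, next_gen++ }; return t; }

/* Per-process handle base: the handles a process has opened on the GPU driver. */
typedef struct {
    int in_use;
    int pid;
    unsigned long gen;          /* recorded on allocation; only the hardened lookup checks it */
    int handles[MAX_HANDLES];   /* toy handle values */
    int n_handles;
} handle_base_t;

static handle_base_t bases[MAX_PROCS];

static handle_base_t *base_alloc(const task_t *t) {
    for (int i = 0; i < MAX_PROCS; i++) {
        if (bases[i].in_use) continue;
        memset(&bases[i], 0, sizeof bases[i]);
        bases[i].in_use = 1; bases[i].pid = t->pid; bases[i].gen = t->gen;
        return &bases[i];
    }
    return NULL;
}

/* Vulnerable acquire: the table is searched by pid only. If the previous owner's base has
 * not been torn down yet (real drivers defer cleanup: other open fds, in-flight GPU work),
 * the recycled pid maps straight onto the old base and all of its handles. */
handle_base_t *acquire_base_vulnerable(const task_t *t) {
    for (int i = 0; i < MAX_PROCS; i++)
        if (bases[i].in_use && bases[i].pid == t->pid) return &bases[i];
    return base_alloc(t);
}

/* Hardened acquire: pid and generation must both match. A base whose pid matches but whose
 * generation does not belongs to a dead process; it is retired instead of being handed over.
 * (A real driver would release that base's resources here rather than just drop it.) */
handle_base_t *acquire_base_hardened(const task_t *t) {
    for (int i = 0; i < MAX_PROCS; i++) {
        if (!bases[i].in_use || bases[i].pid != t->pid) continue;
        if (bases[i].gen == t->gen) return &bases[i];
        bases[i].in_use = 0;            /* stale base from a recycled pid: never reuse it */
    }
    return base_alloc(t);
}

static int handle_open(handle_base_t *b, int value) {
    if (b->n_handles == MAX_HANDLES) return -1;
    b->handles[b->n_handles++] = value;
    return 0;
}

/* Scenario: process A (pid 1234) opens two handles and exits while its base is still in the
 * table. The OS then recycles pid 1234 for process B. Returns how many of A's handles B sees. */
int run_scenario(int hardened) {
    memset(bases, 0, sizeof bases);
    task_t a = task_spawn(1234);
    handle_base_t *ba = hardened ? acquire_base_hardened(&a) : acquire_base_vulnerable(&a);
    handle_open(ba, 0x1001); handle_open(ba, 0x1002);     /* constructed handle values */
    /* A exits; its base is deliberately left in place to model deferred cleanup. */
    task_t b = task_spawn(1234);                            /* same pid, new generation */
    handle_base_t *bb = hardened ? acquire_base_hardened(&b) : acquire_base_vulnerable(&b);
    return bb->n_handles;
}

int main(void) {
    printf("pid-only lookup:           new process inherits %d stale handles\n", run_scenario(0));
    printf("pid+generation lookup:     new process inherits %d stale handles\n", run_scenario(1));
    return 0;
}
```

The check to carry away is that a numeric PID is a name, not an identity: any kernel-side table keyed by PID alone must either be torn down synchronously when the process dies or be keyed by something the OS guarantees not to recycle.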

The kernel module update is intended to close both paths to unauthorized access to memory pages, making systems that run the affected GPU DDK versions safer overall.

The vendor's one-line summary of the first issue, CVE-2024-47892, states the impact plainly:

“Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.”

The DDK developers (PowerVR is the GPU line of Imagination Technologies) strongly advise users and organizations running versions up to and including 24.2 RTM1 to apply the latest patches. Because the vulnerable code runs in the kernel-mode driver, the fix has to reach the device's kernel module, typically through an OEM or platform update rather than a user-space package.

Both issues illustrate the difficulty of securing kernel drivers that manage memory on behalf of hardware: lifetime bookkeeping (page locks, GPU mappings, per-process state) has to agree exactly with what the hardware and the OS can still reference, and a single stale reference becomes a memory-safety bug reachable from unprivileged code.

The article points to the Common Weakness Enumeration entry CWE-280 (Improper Handling of Insufficient Permissions or Privileges) for background. Note that a use-after-free such as CVE-2024-47892 is more precisely classified under CWE-416 (Use After Free); consult the vendor advisory and the NVD entries for the exact classification and CVSS scoring of each issue.

Administrators of affected devices should confirm the DDK version in use and track the vendor's advisory until the patched kernel module is deployed.
