Imagination Technologies, a leader in GPU innovation, has issued updates to address a series of critical vulnerabilities identified in its GPU driver software.
Imagination Technologies is a global leader in developing GPUs, AI solutions, and semiconductor IP, powering applications across mobile, automotive, and consumer electronics. This year, the company celebrates the 30th anniversary of its PowerVR architecture, highlighting its legacy of cutting-edge innovation.
These vulnerabilities, reported under several CVE references, pose potential risks involving out-of-bounds (OOB) memory writes, kernel exceptions, and unauthorized GPU memory access.
The company detailed the security issues in its January 2025 disclosure, outlining vulnerabilities across various Driver Development Kit (DDK) releases, up to and including version 24.2 RTM2.
The vulnerabilities, if exploited, could allow non-privileged users to access, alter, or corrupt GPU memory, resulting in platform instability or security breaches.
Key Vulnerabilities Identified
Cyber Security News learned that Imagination Technologies released a patch update on 10th Jan with fixes for all the critical vulnerabilities listed below.
Vulnerability | CVE Reference | Versions Affected | Description |
---|---|---|---|
rgxfw_pm_add_freelist_for_reconstruction OOB write | CVE-2024-52938 | DDK Releases up to and including 24.2 RTM2 | Improper GPU commands allow writing data outside the Guest VM’s virtualized GPU memory. |
rgxfw_kernel_CMD_DISABLE_ZSSTORE OOB write via ui32WriteOffsetOfDisableZSStore | CVE-2024-52937 | DDK Releases up to and including 24.2 RTM2 | Memory exploitation enables writing data outside virtual GPU memory. |
rgxfw_hwperf_config OOB read & write | CVE-2024-52936 | DDK Releases up to and including 24.2 RTM2 | Improper GPU kernel calls trigger out-of-bounds read and write operations. |
psContext->eDM gives OOB write | CVE-2024-52935 | DDK Releases up to and including 24.2 RTM2 | Shared memory with GPU firmware can be exploited for out-of-bounds writes. |
OOB read into fwlog due to unchecked block count | CVE-2024-47895 | DDK Releases up to and including 24.2 RTM2 | Unchecked block count allows reading data outside Guest VM’s memory. |
Out of bounds read into fwlog due to unchecked loop bounds | CVE-2024-47894 | DDK Releases up to and including 24.2 RTM2 | Improper GPU commands enable out-of-bounds reads with unchecked loop bounds. |
PVRSRVRGXGetEnabledHWPerfBlocksKM off-by-one OOB write | CVE-2024-47897 | DDK Releases up to and including 24.2 RTM2 | Non-privileged users can trigger improper GPU system calls, leading to platform instability and reboots. |
Exploitable kernel use-after-free on psServerMMUContext due to reference count mismanagement | CVE-2024-46973 | DDK Releases up to and including 24.3 RTM | Improper GPU calls trigger use-after-free kernel exceptions. |
Duplicate calls to RGXCreateFreeList on the same reservation lead to GPU UAF | CVE-2024-43703 | DDK Releases up to and including 24.2 RTM2 | Unprivileged users exploit system calls to cause unauthorized reads/writes to physical memory. |
MLIST/PM render state buffers writable allowing arbitrary writes to kernel memory pages | CVE-2024-43702 | DDK Releases up to and including 24.2 RTM | System calls allow non-privileged users to write to arbitrary kernel memory pages. |
Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwriting read-only files/memory (e.g., libc.so) | CVE-2024-43705 | DDK Releases up to and including 24.2 RTM2 | Exploits GPU kernel driver to overwrite arbitrary read-only system files mapped into user memory. |
PVRSRV_BRIDGE_SYNCTRACKING_SYNCRECORDAD allows adding new records while SyncRecordList is not initialized | None | DDK Releases up to and including 24.2 RTM2 | Null kernel exception can be triggered due to uninitialized SyncRecordList. |
Kernel Information Leak via /proc/pvr/gpu00/debug_dump | None | DDK Releases up to and including 24.2 RTM2 | Unprivileged users can obtain kernel information through debug dumps. |
Imagination Technologies has released firmware and driver updates that introduce protections against these vulnerabilities. The critical updates include mechanisms to:
- Prevent improper user-mode parameters from being submitted to GPU system calls.
- Ensure secure management of GPU memory allocation and deallocation.
- Address use-after-free scenarios and correct improper error handling.
Imagination has urged all users to update their systems to the latest DDK release to mitigate these risks. Users are advised to contact their Imagination Technologies support representative for additional guidance.