GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs
Platform
linux
Component
imagination-technologies-gpu-ddk
Fixed in
24.2.1
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing graphics workload has system privileges this could enable further exploits on the device.
Threat Intelligence
Exploit Status
EPSS
0.01% (3% percentile)
Affected Software
Weakness Classification (CWE)
Timeline
- Published
- EPSS updated
How to fix
Actualice el driver de GPU DDK a la versión 24.2.1 o posterior para mitigar la vulnerabilidad de uso después de liberar (UAF). Verifique la documentación de Imagination Technologies para obtener instrucciones específicas de actualización para su plataforma y configuración. Asegúrese de aplicar las actualizaciones de seguridad más recientes para su sistema operativo y hardware.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Try it now — no account
Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.
Drag & drop your dependency file
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...