GPU – GPU OOB access to physical memory from mis-configured heap
Reference
PP-137204-X.2
Date Posted
19th September 2023
Version(s) affected
DDK Releases up to and including 1.19
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse of heaps
Title
GPU – GPU OOB access to physical memory from mis-configured heap
Reference
PP-137205-X.3
Date Posted
19th September 2023
Version(s) affected
DDK Releases up to and including 1.19
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse of heaps
Title
GPU – OOB access to kernel memory when creating a graphics buffer
Reference
PP-137207-X.5
Date Posted
19th September 2023
Version(s) affected
DDK Releases 1.15 and later, up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds kernel memory
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse when creating graphics buffers
Title
GPU – Access to GPU buffer memory after it has been freed
Reference
PP-137212-X.7
Date Posted
19th September 2023
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access freed memory
Resolution
The DDK kernel module has been updated to ensure some GPU buffer memory will not be reused after it is freed
October 2023
Title
GPU – GPU can R/W arbitrary freed physical pages due to PMR object reference count mismanagement in DevmemIntMapPages
Reference
CVE-2023-35685, PP-137206-X.4, PP-137216-X.11
Date Posted
2nd October 2023
Version(s) affected
DDK Releases up to and including 1.18
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access freed memory from the GPU.
Resolution
The DDK kernel module has been updated to correct reference counting for these objects to prevent the issue.
Title
GPU – GPU OOB access to physical memory from mis-configured reservation
Reference
PP-137214-X.1
Date Posted
2nd October 2023
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
Title
GPU – Driver can leak kernel information through IOCTL calls
Reference
PP-137214-X.9
Date Posted
2nd October 2023
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a leak of kernel data or trigger a kernel exception.
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse of the IOCTL interface.
Title
GPU – Reservation object UAF in DevmemIntUnmapPMR
Reference(s)
CVE-2023-21165 PP-137217-X.12 PP-137443-X.22
Date Posted
12th October 2023
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a UAF kernel exception.
Resolution
The DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
December 2023
Title
GPU can read and write arbitrary physical memory pages
Reference
A-299923390
Date Posted
22nd March 2024
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU – Driver controllable OOB writes due to integer overflow in DevmemIntChangeSparse
Reference
C-299384059
Date Posted
22nd March 2024
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
Title
GPU – User-space can read & write arbitrary freed memory with DevmemIntChangeSparse race condition
Reference
C-299447904
Date Posted
22nd March 2024
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary freed physical memory from user-space.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
January 2024
Title
GPU – Leftover locals – local memory data leak
Reference(s)
CVE-2023-4969
Date Posted
16th January 2024
Version(s) affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may execute improper GPU compute kernels to leak uninitialised local data from the GPUs internal local memory.
Resolution
The user-mode drivers and firmware have been updated to introduce protection to prevent this misuse of local memory.
February 2024
Title
GPU – Re-use of MMU PT memory can allow GPU shader to R/W OOB to freed memory in rare situations
Our Reference(s)
PP-137442-X.21
Originator Reference
None
Date Posted
22nd February 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to prevent situations from arising where this vulnerability is present.
Title
GPU can read and write freed physical memory pages after a virtual range is destroyed
Our Reference(s)
CVE-2024-23711, PP-148694
Originator Reference
None
Date Posted
22nd February 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to ensure GPU virtual mappings are removed when a virtual range is destroyed.
Title
GPU – Uninitialised physical memory causes arbitrary content leak to user-mode on UMA systems
Our Reference(s)
PP-159144
Originator Reference
C-305594806
Date Posted
22nd February 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read kernel and other sensitive information from GPU buffers.
Resolution
The DDK kernel module has been updated to ensure the previous content of memory pages used in GPU buffers are cleared before re-using them in a different context.
March 2024
Title
GPU – RA_FreeMultiSparse OOBs access can trigger UAF of LMA physical memory page
Our Reference(s)
PP-158856
Originator Reference
None
Date Posted
8th March 2024
Version(s) affected
DDK Releases up to and including 23.2 RTM1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory in VRAM from the GPU.
Resolution
The DDK kernel module has been updated to prevent the OOB issue so that the UAF can no longer occur.
Title
GPU – UAF race condition between DevmemIntPFNotify and DevmemIntCtxRelease
Our Reference(s)
CVE-2024-23716, PP-159077
Originator Reference
A-300480809
Date Posted
22nd March 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
Title
GPU – Exhaustion of memory in DevmemIntHeapCreate triggers system OOM
Our Reference(s)
PP-159018
Originator Reference
C-316857793
Date Posted
22nd March 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to exhaust available system memory leading to instability.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU – UAF caused in RGXCreateZSBufferKM due to improper error handling code
Our Reference(s)
PP-159039
Originator Reference
A-320199249, PP-159059
Date Posted
25th March 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
April 2024
Title
GPU – PowerVR: DevmemIntUnexportCtx destroys export before unlinking it, leading to UAF
Our Reference(s)
PP-159069
Originator Reference
None
Date Posted
5th April 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU – _MapPhysicalSparseAlloc issue leads to OOB write to VRAM memory page
Our Reference(s)
PP-159017
Originator Reference
None
Date Posted
5th April 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
The kernel module can in some rare scenarios write overflow (OOB) GPU memory buffers which leads to graphics memory corruption.
Resolution
The DDK kernel module has been updated to correct this issue seen on systems with dedicated graphics memory (VRAM).
Title
GPU – Kernel heap OOB write in RGXFWChangeOSidPriority
Our Reference(s)
PP-159016
Originator Reference
CVE-2024-23698, A-320199679
Date Posted
15th April 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
Title
GPU – UAF caused in RGXCreateHWRTData_aux due to improper error handling code
Our Reference(s)
PP-159040
Originator Reference
CVE-2024-23697, A-320199241
Date Posted
15th April 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU – Linux driver shared data and shader programs can be corrupted from user-mode code
Our Reference(s)
PP-159075
Originator Reference
None
Date Posted
19th April 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt shared graphics buffers providing common data and shaders.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU – Kernel heap OOB write in CacheOpPMRExec due to integer overflow
Our Reference(s)
PP-159082
Originator Reference
CVE-2024-23695, A-326167784
Date Posted
19th April 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
Title
GPU – OSAtomicAddUnless returns wrong results affecting the fix for CVE-2021-0951
Our Reference(s)
PP-159098
Originator Reference
None
Date Posted
19th April 2024
Version(s) affected
DDK Releases up to and including 23.3
Vulnerability
This issue covers a functional deficiency in the implementation and use of OSAtomicAddUnless on non-Linux based operating systems.
Resolution
The DDK kernel module has been updated to correct the implementation of OSAtomicAddUnless function.
If you have any questions on these vulnerabilities, please reach out to your Imagination Technologies support representative.
We use cookies to improve your experience and to measure the performance of our website content. You can either consent to accept all the cookies or choose which ones you want.
Our website uses cookies to improve your experience while you navigate through the website. Cookies categorised as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. In addition, we also use third-party cookies that help us analyze and understand how you use this website. These cookies are only stored in your browser with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
__hssrc
session
This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA
5 months 27 days
This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
__cf_bm
30 minutes
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc
30 minutes
HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie
2 years
LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie
2 years
LinkedIn sets this cookie to store performed actions on the website.
lang
session
LinkedIn sets this cookie to remember a user's language setting.
lidc
1 day
LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory
1 month
LinkedIn sets this cookie for LinkedIn Ads ID syncing.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
__hstc
1 year 24 days
This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_gcl_au
3 months
Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
CONSENT
2 years
YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk
1 year 24 days
HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
_fbp
3 months
This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr
3 months
Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
test_cookie
15 minutes
The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE
5 months 27 days
A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC
session
YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests
never
This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
