Imagination GPU Driver Vulnerabilities


This page contains summary details of security vulnerabilities reported on Imagination Technologies graphics drivers.

September 2023

TitleGPU – GPU OOB access to physical memory from mis-configured heap
Our ReferencePP-137204-X.2
CVE ReferenceNone
Date Posted19th September 2023
Version(s) affectedDDK Releases up to and including 1.19
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse of heaps
TitleGPU – GPU OOB access to physical memory from mis-configured heap
Our ReferencePP-137205-X.3
CVE ReferenceNone
Date Posted19th September 2023
Version(s) affectedDDK Releases up to and including 1.19
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse of heaps
TitleGPU – OOB access to kernel memory when creating a graphics buffer
Our ReferencePP-137207-X.5
CVE ReferenceNone
Date Posted19th September 2023
Version(s) affectedDDK Releases 1.15 and later, up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds kernel memory
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse when creating graphics buffers
TitleGPU – Access to GPU buffer memory after it has been freed
Our ReferencePP-137212-X.7
CVE ReferenceNone
Date Posted19th September 2023
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access freed memory
ResolutionThe DDK kernel module has been updated to ensure some GPU buffer memory will not be reused after it is freed
TitleGPU – R/W Arbitrary physical pages with PFNs from uninitialized stack variables
ReferenceA-288116176
CVE ReferenceCVE-2023-21263
Date Posted6th June 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct GPU system calls to read and write parts of physical memory from user-space
ResolutionThe DDK kernel module has been updated to introduce protection to prevent this unauthorised access to memory
TitleGPU – Write OOB in DevmemIntChangeSparse due to integer overflow
ReferenceA-288117034
CVE ReferenceCVE-2023-21401
Date Posted6th June 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call
TitleGPU – mmap unexpected physical addresses due to OOB read in _PMRLogicalOffsetToPhysicalOffset
ReferenceA-289053114
CVE ReferenceCVE-2023-35688
Date Posted6th June 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call
TitleGPU – UAF in RGXDestroyHWRTData due to firmware response timeout
ReferenceA-288114043
CVE ReferenceCVE-2023-35690
Date Posted6th June 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions
ResolutionThe DDK kernel module has been updated to address this issue in this GPU system call
TitleGPU – UAF in RGXDestroyZSBufferKM due to firmware response timeout
ReferenceA-288112355
CVE ReferenceCVE-2023-21403
Date Posted6th June 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions
ResolutionThe DDK kernel module has been updated to address this issue in this GPU system call
TitleGPU – Read OOB in _MMU_GetPTInfo due to invalid page size
ReferenceA-288115093
CVE ReferenceCVE-2023-21402
Date Posted6th June 2024
Version(s) affectedDDK Releases up to and including 1.19
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to read OOB kernel memory
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to th GPU system call affected

October 2023

TitleGPU – GPU can R/W arbitrary freed physical pages due to PMR object reference count mismanagement in DevmemIntMapPages
Our ReferencesPP-137206-X.4
PP-137216-X.11
CVE ReferenceCVE-2023-35685
Date Posted2nd October 2023
Version(s) affectedDDK Releases up to and including 1.18
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access freed memory from the GPU.
ResolutionThe DDK kernel module has been updated to correct reference counting for these objects to prevent the issue.
TitleGPU – GPU OOB access to physical memory from mis-configured reservation
Our ReferencePP-137214-X.1
CVE ReferenceNone
Date Posted2nd October 2023
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB memory from the GPU.
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
TitleGPU – Driver can leak kernel information through IOCTL calls
Our ReferencePP-137214-X.9
CVE ReferenceNone
Date Posted2nd October 2023
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger a leak of kernel data or trigger a kernel exception.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse of the IOCTL interface.
TitleGPU – Reservation object UAF in DevmemIntUnmapPMR
Our ReferencesPP-137217-X.12
PP-137443-X.22
CVE ReferenceCVE-2023-21165
Date Posted12th October 2023
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger a UAF kernel exception.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
TitleGPU Driver can leak kernel information via device memory history IOCTL calls
ReferenceA-289116037
CVE ReferenceNone
Date Posted20th May 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to leak data from uninitialised kernel heap memory.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse of this IOCTL interface.
TitleGPU – UAF during DIContext/HWRTDAtaSet resource clean-up when OSCopyToUser fails
ReferencesC-290879631
C-290921312
CVE ReferenceNone
Date Posted20th May 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent this use-after-free.

November 2023

TitleGPU can read and write freed physical memory pages of sparse allocations
ReferenceNone
CVE Reference(s)CVE-2023-35686
CVE-2023-35659
Date Posted13th May 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to read and write freed physical memory from the GPU.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
TitleGPU – User-space can read & write arbitrary freed memory with DevmemIntChangeSparse remap mode
ReferenceC-299853339
CVE ReferenceNone
Date Posted13th May 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary freed physical memory from user-space.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
TitleGPU – OOB Write In PhysmemCreateNewDmaBufBackedPMR
ReferenceC-292164683
CVE ReferenceNone
Date Posted13th May 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
TitleGPU – Shader shared memory can be tampered with by the GPU
ReferenceA-300484838
CVE ReferenceCVE-2024-23714
Date Posted13th May 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access and/or corrupt shared driver memory using the GPU.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of the GPU system calls.

December 2023

TitleGPU can read and write arbitrary physical memory pages
ReferenceA-299923390
CVE ReferenceNone
Date Posted22nd March 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary physical memory from the GPU.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
TitleGPU – Driver controllable OOB writes due to integer overflow in DevmemIntChangeSparse
ReferenceC-299384059
CVE ReferenceNone
Date Posted22nd March 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
TitleGPU – User-space can read & write arbitrary freed memory with DevmemIntChangeSparse race condition
ReferenceC-299447904
CVE ReferenceNone
Date Posted22nd March 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary freed physical memory from user-space.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.

January 2024

TitleGPU – Leftover locals – local memory data leak
ReferenceNone
CVE ReferenceCVE-2023-4969
Date Posted16th January 2024
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may execute improper GPU compute kernels to leak uninitialised local data from the GPUs internal local memory.
ResolutionThe user-mode drivers and firmware have been updated to introduce protection to prevent this misuse of local memory.

February 2024

TitleGPU – Re-use of MMU PT memory can allow GPU shader to R/W OOB to freed memory in rare situations
Our ReferencePP-137442-X.21
CVE ReferenceNone
Originator ReferenceNone
Date Posted22nd February 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
ResolutionThe DDK kernel module has been updated to prevent situations from arising where this vulnerability is present.
TitleGPU can read and write freed physical memory pages after a virtual range is destroyed
Our ReferencePP-148694
CVE ReferenceCVE-2024-23711
Originator ReferenceNone
Date Posted22nd February 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
ResolutionThe DDK kernel module has been updated to ensure GPU virtual mappings are removed when a virtual range is destroyed.
TitleGPU – Uninitialised physical memory causes arbitrary content leak to user-mode on UMA systems
Our ReferencePP-159144
CVE ReferenceNone
Originator ReferenceC-305594806
Date Posted22nd February 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct GPU system calls to read kernel and other sensitive information from GPU buffers.
ResolutionThe DDK kernel module has been updated to ensure the previous content of memory pages used in GPU buffers are cleared before re-using them in a different context.

March 2024

TitleGPU – RA_FreeMultiSparse OOBs access can trigger UAF of LMA physical memory page
Our ReferencePP-158856
CVE ReferenceNone
Originator ReferenceNone
Date Posted8th March 2024
Version(s) affectedDDK Releases up to and including 23.2 RTM1
VulnerabilitySoftware installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory in VRAM from the GPU.
ResolutionThe DDK kernel module has been updated to prevent the OOB issue so that the UAF can no longer occur.
TitleGPU – UAF race condition between DevmemIntPFNotify and DevmemIntCtxRelease
Our ReferencePP-159077
CVE ReferenceCVE-2024-23716
Originator ReferenceA-300480809
Date Posted22nd March 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
TitleGPU – Exhaustion of memory in DevmemIntHeapCreate triggers system OOM
Our ReferencePP-159018
CVE ReferenceNone
Originator ReferenceC-316857793
Date Posted22nd March 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to exhaust available system memory leading to instability.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
TitleGPU – UAF caused in RGXCreateZSBufferKM due to improper error handling code
Our ReferencePP-159039
CVE ReferenceCVE-2024-23696
Originator ReferenceA-320199249, PP-159059
Date Posted25th March 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.

April 2024

TitleGPU – PowerVR: DevmemIntUnexportCtx destroys export before unlinking it, leading to UAF
Our ReferencePP-159069
CVE ReferenceCVE-2024-34725
Originator ReferenceNone
Date Posted5th April 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to address this improper use of GPU system calls.
TitleGPU – _MapPhysicalSparseAlloc issue leads to OOB write to VRAM memory page
Our ReferencePP-159017
CVE ReferenceNone
Originator ReferenceNone
Date Posted5th April 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilityThe kernel module can in some rare scenarios write overflow (OOB) GPU memory buffers which leads to graphics memory corruption.
ResolutionThe DDK kernel module has been updated to correct this issue seen on systems with dedicated graphics memory (VRAM).
TitleGPU – Kernel heap OOB write in RGXFWChangeOSidPriority
Our ReferencePP-159016
CVE ReferenceCVE-2024-23698
Originator ReferenceA-320199679
Date Posted15th April 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
TitleGPU – UAF caused in RGXCreateHWRTData_aux due to improper error handling code
Our ReferencePP-159040
CVE ReferenceCVE-2024-23697
Originator ReferenceA-320199241
Date Posted15th April 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to address this improper use of GPU system calls.
TitleGPU – Linux driver shared data and shader programs can be corrupted from user-mode code
Our ReferencePP-159075
CVE ReferenceCVE-2024-34726
Originator ReferenceNone
Date Posted19th April 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to corrupt shared graphics buffers providing common data and shaders.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
TitleGPU – Kernel heap OOB write in CacheOpPMRExec due to integer overflow 
Our ReferencePP-159082
CVE ReferenceCVE-2024-23695
Originator ReferenceA-326167784
Date Posted19th April 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
TitleGPU – OSAtomicAddUnless() returns wrong results affecting the fix for CVE-2021-0951
Our ReferencePP-159098
CVE ReferenceNone
Originator ReferenceNone
Date Posted19th April 2024
Version(s) affectedDDK Releases up to and including 23.3
VulnerabilityThis issue covers a functional deficiency in the implementation and use of OSAtomicAddUnless on non-Linux based operating systems.
ResolutionThe DDK kernel module has been updated to correct the implementation of OSAtomicAddUnless function.

May 2024

TitleGPU – Overflow of refcount in _MMU_AllocLevel leads to arbitrary read and write of physical memory
Our ReferencePP-159087
CVE ReferenceCVE-2024-31333
Originator ReferenceC-324910147
Date Posted17th May 2024
Version(s) affectedDDK Releases up to and including 24.1
VulnerabilitySoftware installed and run as a non-privileged user may conduct GPU system calls to read and write arbitrary physical memory from the GPU.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls that lead to this issue.
TitleGPU – Use-after-free read in _UnrefAndMaybeDestroy
Our ReferencePP-159089
CVE ReferenceCVE-2024-34724
Originator ReferenceNone
Date Posted17th May 2024
Version(s) affectedDDK Releases up to and including 1.19
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
TitleGPU – DevmemIntChangeSparse issue can briefly allow read and write to freed physical memory pages
Our ReferencePP-159372
CVE ReferenceCVE-2024-31335
Originator ReferenceNone
Date Posted17th May 2024
Version(s) affectedDDK Releases up to and including 24.1
VulnerabilitySoftware installed and run as a non-privileged user may exploit a small window of opportunity to access freed memory.
ResolutionThe DDK kernel module has been updated to address the code issue that allows this exploit.
TitleGPU – Inconsistent parameters to PhysmemNewRamBackedPMR leaks memory pages
Our ReferencePP-159422
CVE ReferenceNone
Originator ReferenceNone
Date Posted31st May 2024
Version(s) affectedDDK Releases up to and including 24.1
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to exhaust available system memory leading to instability.
ResolutionThe DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
TitleGPU – PowerVR: Wrong order of operations in DevmemIntUnmapPMR2 may lead to temporarily dangling PTEs
Our ReferencePP-159433
CVE ReferenceCVE-2024-31335
Originator ReferenceNone
Date Posted31st May 2024
Version(s) affectedDDK Releases up to and including 24.1
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to address the code issue that allows this exploit.
TitleGPU – PowerVR: DevmemXIntMapPages allows mapping sDevZeroPage and sDummyPage without holding reference
Our ReferencePP-159437
CVE ReferenceCVE-2024-31334
Originator ReferenceNone
Date Posted31st May 2024
Version(s) affectedDDK Releases up to and including 24.1
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
ResolutionThe DDK kernel module has been updated to address the code issue that allows this exploit.

June 2024

TitleGPU – PowerVR: out-of-bounds write of firmware addresses in PVRSRVRGXKickTA3DKM
Our ReferencePP-159407
CVE ReferenceCVE-2024-31336
Originator ReferenceNone
Date Posted14th June 2024
Version(s) affectedDDK Releases up to and including 24.1
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
ResolutionThe DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
TitleGPU – PowerVR: Uninitialized memory disclosure (and crash due to OOB reads) in hwperf_host stream
Our ReferencePP-159186
CVE ReferenceNone
Originator ReferenceNone
Date Posted14th June 2024
Version(s) affectedDDK Releases up to and including 24.1
VulnerabilityUnder certain circumstances the driver could return a limited amount of uninitialised kernel stack memory to user-space.
ResolutionThe DDK kernel module has been updated to ensure kernel stack data in this instance is not returned to user-space. 

If you have any questions on these vulnerabilities, please reach out to your Imagination Technologies support representative.