Imagination GPU Driver Vulnerabilities


This page contains summary details of security vulnerabilities reported on Imagination Technologies graphics drivers.

September 2023

TitleGPU – GPU OOB access to physical memory from mis-configured heap
ReferencePP-137204-X.2
Date Posted19th September 2023
Version(s) affectedDDK Releases up to and including 1.19
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse of heaps
TitleGPU – GPU OOB access to physical memory from mis-configured heap
ReferencePP-137205-X.3
Date Posted19th September 2023
Version(s) affectedDDK Releases up to and including 1.19
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse of heaps
TitleGPU – OOB access to kernel memory when creating a graphics buffer
ReferencePP-137207-X.5
Date Posted19th September 2023
Version(s) affectedDDK Releases 1.15 and later, up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds kernel memory
ResolutionThe DDK kernel module has been updated to introduce protection to prevent misuse when creating graphics buffers
TitleGPU – Access to GPU buffer memory after it has been freed
ReferencePP-137212-X.7
Date Posted19th September 2023
Version(s) affectedDDK Releases up to and including 23.2
VulnerabilitySoftware installed and run as a non-privileged user may conduct improper GPU system calls to access freed memory
ResolutionThe DDK kernel module has been updated to ensure some GPU buffer memory will not be reused after it is freed

If you have any questions on these vulnerabilities, please reach out to your Imagination Technologies support representative.