GPU DDK – Leftover locals – local memory data leak
Reference
None
CVE Reference
CVE-2023-4969
Date Posted
16th January 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may execute improper GPU compute kernels to leak uninitialised local data from the GPU's internal local memory.
Resolution
The user-mode drivers and firmware have been updated to introduce protection to prevent this misuse of local memory.
February 2024
Title
GPU DDK – Re-use of MMU PT memory can allow GPU shader to R/W OOB to freed memory in rare situations
Our Reference
PP-137442-X.21
CVE Reference
None
Originator Reference
None
Date Posted
22nd February 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to prevent situations from arising where this vulnerability is present.
Title
GPU DDK – GPU can read and write freed physical memory pages after a virtual range is destroyed
Our Reference
PP-148694
CVE Reference
CVE-2024-23711
Originator Reference
None
Date Posted
22nd February 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to ensure GPU virtual mappings are removed when a virtual range is destroyed.
Title
GPU DDK – Uninitialised physical memory causes arbitrary content leak to user-mode on UMA systems
Our Reference
PP-159144
CVE Reference
None
Originator Reference
C-305594806
Date Posted
22nd February 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read kernel and other sensitive information from GPU buffers.
Resolution
The DDK kernel module has been updated to ensure the previous content of memory pages used in GPU buffers is cleared before re-using them in a different context.
March 2024
Title
GPU DDK – RA_FreeMultiSparse OOBs access can trigger UAF of LMA physical memory page
Our Reference
PP-158856
CVE Reference
None
Originator Reference
None
Date Posted
8th March 2024
Versions affected
DDK Releases up to and including 23.2 RTM1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory in VRAM from the GPU.
Resolution
The DDK kernel module has been updated to prevent the OOB issue so that the UAF can no longer occur.
Title
GPU DDK – UAF race condition between DevmemIntPFNotify and DevmemIntCtxRelease
Our Reference
PP-159077
CVE Reference
CVE-2024-23716
Originator Reference
A-300480809
Date Posted
22nd March 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
Title
GPU DDK – Exhaustion of memory in DevmemIntHeapCreate triggers system OOM
Our Reference
PP-159018
CVE Reference
None
Originator Reference
C-316857793
Date Posted
22nd March 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to exhaust available system memory leading to instability.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU DDK – UAF caused in RGXCreateZSBufferKM due to improper error handling code
Our Reference
PP-159039
CVE Reference
CVE-2024-23696
Originator Reference
A-320199249, PP-159059
Date Posted
25th March 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
April 2024
Title
GPU DDK – PowerVR: DevmemIntUnexportCtx destroys export before unlinking it, leading to UAF
Our Reference
PP-159069
CVE Reference
CVE-2024-34725
Originator Reference
None
Date Posted
5th April 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU DDK – _MapPhysicalSparseAlloc issue leads to OOB write to VRAM memory page
Our Reference
PP-159017
CVE Reference
None
Originator Reference
None
Date Posted
5th April 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
In some rare scenarios the kernel module can write beyond the bounds (OOB) of GPU memory buffers, which leads to graphics memory corruption.
Resolution
The DDK kernel module has been updated to correct this issue seen on systems with dedicated graphics memory (VRAM).
Title
GPU DDK – Kernel heap OOB write in RGXFWChangeOSidPriority
Our Reference
PP-159016
CVE Reference
CVE-2024-23698
Originator Reference
A-320199679
Date Posted
15th April 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
Title
GPU DDK – UAF caused in RGXCreateHWRTData_aux due to improper error handling code
Our Reference
PP-159040
CVE Reference
CVE-2024-23697
Originator Reference
A-320199241
Date Posted
15th April 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU DDK – Linux driver shared data and shader programs can be corrupted from user-mode code
Our Reference
PP-159075
CVE Reference
CVE-2024-34726
Originator Reference
None
Date Posted
19th April 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt shared graphics buffers providing common data and shaders.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU DDK – Kernel heap OOB write in CacheOpPMRExec due to integer overflow
Our Reference
PP-159082
CVE Reference
CVE-2024-23695
Originator Reference
A-326167784
Date Posted
19th April 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
Title
GPU DDK – OSAtomicAddUnless() returns wrong results affecting the fix for CVE-2021-0951
Our Reference
PP-159098
CVE Reference
None
Originator Reference
None
Date Posted
19th April 2024
Versions affected
DDK Releases up to and including 23.3
Vulnerability
This issue covers a functional deficiency in the implementation and use of OSAtomicAddUnless on non-Linux based operating systems.
Resolution
The DDK kernel module has been updated to correct the implementation of the OSAtomicAddUnless function.
May 2024
Title
GPU DDK – Overflow of refcount in _MMU_AllocLevel leads to arbitrary read and write of physical memory
Our Reference
PP-159087
CVE Reference
CVE-2024-31333
Originator Reference
C-324910147
Date Posted
17th May 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write arbitrary physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls that lead to this issue.
Title
GPU DDK – Use-after-free read in _UnrefAndMaybeDestroy
Our Reference
PP-159089
CVE Reference
CVE-2024-34724
Originator Reference
None
Date Posted
17th May 2024
Versions affected
DDK Releases up to and including 1.19
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
Title
GPU DDK – DevmemIntChangeSparse issue can briefly allow read and write to freed physical memory pages
Our Reference
PP-159372
CVE Reference
CVE-2024-31335
Originator Reference
None
Date Posted
17th May 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may exploit a small window of opportunity to access freed memory.
Resolution
The DDK kernel module has been updated to address the code issue that allows this exploit.
Title
GPU DDK – Inconsistent parameters to PhysmemNewRamBackedPMR leaks memory pages
Our Reference
PP-159422
CVE Reference
None
Originator Reference
None
Date Posted
31st May 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to exhaust available graphics memory leading to instability.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU DDK – PowerVR: Wrong order of operations in DevmemIntUnmapPMR2 may lead to temporarily dangling PTEs
Our Reference
PP-159433
CVE Reference
CVE-2024-31335
Originator Reference
None
Date Posted
31st May 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address the code issue that allows this exploit.
Title
GPU DDK – PowerVR: DevmemXIntMapPages allows mapping sDevZeroPage and sDummyPage without holding reference
Our Reference
PP-159437
CVE Reference
CVE-2024-31334
Originator Reference
None
Date Posted
31st May 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address the code issue that allows this exploit.
June 2024
Title
GPU DDK – PowerVR: out-of-bounds write of firmware addresses in PVRSRVRGXKickTA3DKM
Our Reference
PP-159407
CVE Reference
CVE-2024-31336
Originator Reference
None
Date Posted
14th June 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
Title
GPU DDK – PowerVR: Uninitialized memory disclosure (and crash due to OOB reads) in hwperf_host stream
Our Reference
PP-159186
CVE Reference
None
Originator Reference
None
Date Posted
14th June 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Under certain circumstances the driver could return a limited amount of uninitialised kernel stack memory to user-space.
Resolution
The DDK kernel module has been updated to ensure kernel stack data in this instance is not returned to user-space.
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB firmware memory.
Resolution
The DDK kernel module has been updated to introduce protection to prevent firmware memory access in this way.
July 2024
Title
GPU DDK – Multiple sparse mappings in DevmemIntChangeSparse2 leads to UAF of physical memory from GPU
Our Reference
PP-159339
CVE Reference
CVE-2024-34729
Originator Reference
None
Date Posted
8th July 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU DDK – In-flight GPU shader or kernel can read and write to buffer pages after the PMR has been freed
Our Reference
PP-159752
CVE Reference
CVE-2024-40649
Originator Reference
None
Date Posted
26th July 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to address the race-condition vulnerability that was exploited in this particular attack.
Title
GPU DDK – PowerVR: integer overflows in DevmemXIntMapPages and DevmemXIntUnmapPages, exploitable as dangling GPU PTEs
Our Reference
PP-159653
CVE Reference
CVE-2024-34733
Originator Reference
None
Date Posted
26th July 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU DDK – PowerVR: wrapping addition in _DevmemXReservationPageAddress causes MMU operation at wrong address
Our Reference
PP-159654
CVE Reference
CVE-2024-34748
Originator Reference
None
Date Posted
26th July 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU DDK – In-flight GPU shader or kernel can read/write to freed buffer pages in DevmemIntChangeSparse2
Our Reference
PP-159753
CVE Reference
CVE-2024-40651
Originator Reference
None
Date Posted
26th July 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to address the race-condition vulnerability that was exploited in this particular attack.
Title
GPU DDK – PowerVR: On-demand PMR physical memory is freed before GPU TLB invalidation
Our Reference
PP-159595
CVE Reference
CVE-2024-34732
Originator Reference
None
Date Posted
26th July 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to address the race-condition vulnerability that was exploited in this particular attack.
August 2024
Title
GPU DDK – PowerVR: Weaknesses identified in the deferred PMR free TLB invalidation security fix
Our Reference
PP-160180
CVE Reference
CVE-2024-40670
Originator Reference
None
Date Posted
15th August 2024
Versions affected
DDK Releases up to and including 24.2
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to address the race-condition weaknesses that can be exploited in this particular attack.
Title
GPU DDK – PowerVR: TLB Invalidate UAF of physical pages in sparse and on-demand PMRs on LMA systems (DDK 1.17 and earlier)
Our Reference
PP-160206
CVE Reference
CVE-2024-40669
Originator Reference
None
Date Posted
15th August 2024
Versions affected
DDK Releases up to and including 1.17
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to address the race-condition vulnerability that was exploited in this particular attack.
Title
GPU DDK – DevmemIntChangeSparse2 UAF on PMRGetUID call
Our Reference
PP-160094
CVE Reference
CVE-2024-40671
Originator Reference
None
Date Posted
23rd August 2024
Versions affected
DDK Releases up to and including 24.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
September 2024
Title
GPU DDK – PowerVR: DEVMEMXINT_RESERVATION::ppsPMR references PMRs but does not lock their physical addresses
Our Reference
PP-159931
CVE Reference
CVE-2024-34747
Originator Reference
None
Date Posted
6th September 2024
Versions affected
DDK Releases up to and including 24.1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to address this improper use of GPU system calls.
Title
GPU DDK – Incomplete check of the PMMETA_PROTECT flag in PowerVR driver leads to arbitrary kernel physical page write
Our Reference
PP-160287
CVE Reference
CVE-2024-43077
Originator Reference
C-349746415
Date Posted
20th September 2024
Versions affected
DDK Releases up to and including 24.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to write arbitrary physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
October 2024
Title
GPU DDK – PowerVR: TLB invalidate UAF of dma_buf imported into multiple GPU devices
Our Reference
PP-160192
CVE Reference
CVE-2024-43701
Originator Reference
None
Date Posted
4th October 2024
Versions affected
DDK Releases up to and including 24.2 RTM1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
November 2024
Title
GPU DDK – PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused
Our Reference
PP-160496
CVE Reference
CVE-2024-43704
Originator Reference
None
Date Posted
15th November 2024
Versions affected
DDK Releases up to and including 24.2 RTM1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.
Resolution
The DDK kernel module has been updated to prevent the situation that allows this issue to occur.
Title
GPU DDK – UAF of kernel memory in PMRUnlockPhysAddressesOSMem for on-demand non-4KB PMRs in system memory (UMA)
Our Reference
PP-160576
CVE Reference
CVE-2024-47892
Originator Reference
None
Date Posted
29th November 2024
Versions affected
DDK Releases up to and including 24.2 RTM1
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to correct protection introduced under PP-159595 to prevent improper use of GPU system calls.
December 2024
Title
GPU DDK – Reference count overflow in pvr_sync_rollback_export_fence
Our Reference
PP-160740
CVE Reference
CVE-2024-46972
Originator Reference
PP-160656
Date Posted
13th December 2024
Versions affected
DDK Release 24.1 RTM
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address the issue being exploited to prevent overflow and the use-after-free issue.
Title
GPU DDK – UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems
Our Reference
PP-160577
CVE Reference
CVE-2024-46971
Originator Reference
None
Date Posted
13th December 2024
Versions affected
DDK Releases up to and including 24.2 RTM2
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to correct protection introduced under PP-160206 to prevent improper use of GPU system calls.
If you have any questions on these vulnerabilities, please reach out to your Imagination Technologies support representative.
GPU DDK – PMRWritePMPageList write OOB due to integer overflow
Our Reference
A-278926273
CVE Reference
CVE-2023-21217
Date Posted
28th June 2024
Versions affected
DDK Releases up to and including 23.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger OOB write to kernel heap memory.
Resolution
The DDK kernel module has been updated to address this issue in these GPU system calls.
Title
GPU DDK – UAF in PMR_ReadBytes when destroying FreeList
Our Reference
A-278927832
CVE Reference
CVE-2023-21163
Date Posted
28th June 2024
Versions affected
DDK Releases up to and including 23.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free exceptions in the kernel module.
Resolution
The DDK kernel module has been updated to address this issue in the affected GPU system calls.
Title
GPU DDK – UAF in RGXUnbackingZSBuffer
Our Reference
A-278927608
CVE Reference
CVE-2023-21162
Date Posted
28th June 2024
Versions affected
DDK Releases up to and including 23.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free exceptions in the kernel module.
Resolution
The DDK kernel module has been updated to address this issue in the affected GPU system calls.
Title
GPU DDK – Object psReservation UAF in RGXBackingZSBuffer when invoking PVRSRVBridgeRGXPopulateZSBuffer
Our Reference
A-278929010
CVE Reference
CVE-2023-21166
Date Posted
28th June 2024
Versions affected
DDK Releases up to and including 23.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free exceptions in the kernel module.
Resolution
The DDK kernel module has been updated to address this issue in the affected GPU system calls.
Title
GPU DDK – UAF in DevmemIntMapPMR when invoking PVRSRVBridgeRGXPopulateZSBuffer
Our Reference
A-278928734
CVE Reference
CVE-2023-21164
Date Posted
28th June 2024
Versions affected
DDK Releases up to and including 23.1
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free exceptions in the kernel module.
Resolution
The DDK kernel module has been updated to address this issue in the affected GPU system calls.
September 2023
Title
GPU DDK – GPU OOB access to physical memory from mis-configured heap
Our Reference
PP-137204-X.2
CVE Reference
None
Date Posted
19th September 2023
Versions affected
DDK Releases up to and including 1.19
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory.
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse of heaps.
Title
GPU DDK – GPU OOB access to physical memory from mis-configured heap
Our Reference
PP-137205-X.3
CVE Reference
None
Date Posted
19th September 2023
Versions affected
DDK Releases up to and including 1.19
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds memory.
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse of heaps.
Title
GPU DDK – OOB access to kernel memory when creating a graphics buffer
Our Reference
PP-137207-X.5
CVE Reference
None
Date Posted
19th September 2023
Versions affected
DDK Releases 1.15 and later, up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access out of bounds kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse when creating graphics buffers.
Title
GPU DDK – Access to GPU buffer memory after it has been freed
Our Reference
PP-137212-X.7
CVE Reference
None
Date Posted
19th September 2023
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access freed memory.
Resolution
The DDK kernel module has been updated to ensure some GPU buffer memory will not be reused after it is freed.
Title
GPU DDK – R/W Arbitrary physical pages with PFNs from uninitialized stack variables
Reference
A-288116176
CVE Reference
CVE-2023-21263
Date Posted
6th June 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct GPU system calls to read and write parts of physical memory from user-space.
Resolution
The DDK kernel module has been updated to introduce protection to prevent this unauthorised access to memory.
Title
GPU DDK – Write OOB in DevmemIntChangeSparse due to integer overflow
Reference
A-288117034
CVE Reference
CVE-2023-21401
Date Posted
6th June 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
Title
GPU DDK – mmap unexpected physical addresses due to OOB read in _PMRLogicalOffsetToPhysicalOffset
Reference
A-289053114
CVE Reference
CVE-2023-35688
Date Posted
6th June 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to this GPU system call.
Title
GPU DDK – UAF in RGXDestroyHWRTData due to firmware response timeout
Reference
A-288114043
CVE Reference
CVE-2023-35690
Date Posted
6th June 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address this issue in this GPU system call.
Title
GPU DDK – UAF in RGXDestroyZSBufferKM due to firmware response timeout
Reference
A-288112355
CVE Reference
CVE-2023-21403
Date Posted
6th June 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to address this issue in this GPU system call.
Title
GPU DDK – Read OOB in _MMU_GetPTInfo due to invalid page size
Reference
A-288115093
CVE Reference
CVE-2023-21402
Date Posted
6th June 2024
Versions affected
DDK Releases up to and including 1.19
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to read OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to the GPU system call affected.
October 2023
Title
GPU DDK – GPU can R/W arbitrary freed physical pages due to PMR object reference count mismanagement in DevmemIntMapPages
Our References
PP-137206-X.4 PP-137216-X.11
CVE Reference
CVE-2023-35685
Date Posted
2nd October 2023
Versions affected
DDK Releases up to and including 1.18
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access freed memory from the GPU.
Resolution
The DDK kernel module has been updated to correct reference counting for these objects to prevent the issue.
Title
GPU DDK – GPU OOB access to physical memory from mis-configured reservation
Our Reference
PP-137214-X.1
CVE Reference
None
Date Posted
2nd October 2023
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
Title
GPU DDK – Driver can leak kernel information through IOCTL calls
Our Reference
PP-137214-X.9
CVE Reference
None
Date Posted
2nd October 2023
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a leak of kernel data or trigger a kernel exception.
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse of the IOCTL interface.
Title
GPU DDK – Reservation object UAF in DevmemIntUnmapPMR
Our References
PP-137217-X.12 PP-137443-X.22
CVE Reference
CVE-2023-21165
Date Posted
12th October 2023
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a UAF kernel exception.
Resolution
The DDK kernel module has been updated to introduce protection to prevent this use-after-free issue.
Title
GPU DDK – GPU Driver can leak kernel information via device memory history IOCTL calls
Reference
A-289116037
CVE Reference
None
Date Posted
20th May 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to leak data from uninitialised kernel heap memory.
Resolution
The DDK kernel module has been updated to introduce protection to prevent misuse of this IOCTL interface.
Title
GPU DDK – UAF during DIContext/HWRTDAtaSet resource clean-up when OSCopyToUser fails
References
C-290879631 C-290921312
CVE Reference
None
Date Posted
20th May 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Resolution
The DDK kernel module has been updated to introduce protection to prevent this use-after-free.
November 2023
Title
GPU DDK – GPU can read and write freed physical memory pages of sparse allocations
Reference
None
CVE Reference(s)
CVE-2023-35686 CVE-2023-35659
Date Posted
13th May 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to read and write freed physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU DDK – User-space can read & write arbitrary freed memory with DevmemIntChangeSparse remap mode
Reference
C-299853339
CVE Reference
None
Date Posted
13th May 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary freed physical memory from user-space.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU DDK – OOB Write In PhysmemCreateNewDmaBufBackedPMR
Reference
C-292164683
CVE Reference
None
Date Posted
13th May 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
Title
GPU DDK – Shader shared memory can be tampered with by the GPU
Reference
A-300484838
CVE Reference
CVE-2024-23714
Date Posted
13th May 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access and/or corrupt shared driver memory using the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of the GPU system calls.
December 2023
Title
GPU DDK – GPU can read and write arbitrary physical memory pages
Reference
A-299923390
CVE Reference
CVE-2024-23715
Date Posted
22nd March 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary physical memory from the GPU.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
Title
GPU DDK – Driver controllable OOB writes due to integer overflow in DevmemIntChangeSparse
Reference
C-299384059
CVE Reference
None
Date Posted
22nd March 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
Resolution
The DDK kernel module has been updated to introduce protection to reject incorrect user-mode parameters given to GPU system calls.
Title
GPU DDK – User-space can read & write arbitrary freed memory with DevmemIntChangeSparse race condition
Reference
C-299447904
CVE Reference
None
Date Posted
22nd March 2024
Versions affected
DDK Releases up to and including 23.2
Vulnerability
Software installed and run as a non-privileged user may conduct improper GPU system calls to read and write arbitrary freed physical memory from user-space.
Resolution
The DDK kernel module has been updated to introduce protection to prevent improper use of GPU system calls.
If you have any questions on these vulnerabilities, please reach out to your Imagination Technologies support representative.