CVE-2024-12837 - Vulnerability Details - OpenCVE

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-54154	Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Fri, 07 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 07 Mar 2025 08:00:00 +0000

Type	Values Removed	Values Added
Description		Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.
Title		GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size
Weaknesses		CWE-416
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2025-03-07T07:45:16.126Z

Updated: 2025-03-07T15:10:49.823Z

Reserved: 2024-12-20T03:19:18.355Z

Link: CVE-2024-12837

Vulnrichment

Updated: 2025-03-07T15:10:11.292Z

NVD

Status : Received

Published: 2025-03-07T08:15:37.313

Modified: 2025-03-07T16:15:37.893

Link: CVE-2024-12837

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12837", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2024-12-20T03:19:18.355Z", "datePublished": "2025-03-07T07:45:16.126Z", "dateUpdated": "2025-03-07T15:10:49.823Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Linux", "Android"], "product": "Graphics DDK", "vendor": "Imagination Technologies", "versions": [{"lessThanOrEqual": "24.3 RTM", "status": "affected", "version": "1.15 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "25.1 RTM", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.<br>"}], "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory."}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113: Interface Manipulation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-03-07T07:45:16.126Z"}, "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "title": "GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-07T15:09:50.627190Z", "id": "CVE-2024-12837", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T15:10:49.823Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-12837", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-07T15:09:50.627190Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T15:10:11.292Z"}}], "cna": {"title": "GPU DDK - Exploitable kernel double free on apsFenceSyncCheckpoints allocated with arbitrary size", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC-113: Interface Manipulation"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "affected", "version": "1.15 RTM", "versionType": "custom", "lessThanOrEqual": "24.3 RTM"}, {"status": "unaffected", "version": "25.1 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.", "supportingMedia": [{"type": "text/html", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-03-07T07:45:16.126Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12837", "state": "PUBLISHED", "dateUpdated": "2025-03-07T15:10:49.823Z", "dateReserved": "2024-12-20T03:19:18.355Z", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "datePublished": "2025-03-07T07:45:16.126Z", "assignerShortName": "imaginationtech"}, "dataVersion": "5.1"}