Impact
Software that runs as a non-privileged user can issue improper GPU system calls to the Imagination Technologies Graphics DDK to cause mismanagement of a mapping state used for a sparse memory allocation. The bug arises because the driver incorrectly calculates the virtual index count, causing the code to refer to the wrong memory region. As a result, an attacker can read or write arbitrary physical pages, potentially exposing confidential data or corrupting system memory. The weakness is a classic example of CWE-468, where an object is improperly reused or its size is incorrectly handled.
Affected Systems
The vulnerability affects the Imagination Technologies Graphics DDK, a GPU driver component used in systems that rely on this driver for graphics acceleration. No specific version information is provided in the CVE data, so any installation of this driver that includes the DevmemIntChangeSparse functionality may be impacted.
Risk and Exploitability
The CVSS score is 7.1. The EPSS exploitation probability is not available and the vulnerability is not listed in the CISA KEV catalog, so the precise likelihood of exploitation is uncertain. Based on the description, the likely attack vector is local: a malicious or compromised non-privileged user executing specially crafted GPU commands could trigger the misuse of the sparse memory mapping. Because the impact includes arbitrary physical memory read/write, the vulnerability could serve as a foothold for privilege escalation or lateral movement should an attacker gain the ability to run GPU workloads.