Impact
A non‑privileged user can execute GPU sparse memory API calls that trigger an out‑of‑bounds write on the kernel heap. This occurs due to incorrect translation of virtual page indexes into physical page translations when the Imagination Technologies Graphics DDK performs sparse allocation remapping. The CVE description does not detail specific downstream effects; however, the kernel heap corruption could potentially compromise system integrity or availability if exploited, such as facilitating arbitrary code execution or causing service disruption. The statement about potential impact is inferred, not directly stated in the provided data.
Affected Systems
The product affected is the Imagination Technologies Graphics DDK. No version information is present in the data, so all releases of this DDK are potentially impacted unless otherwise documented by the vendor.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity, while the EPSS of <1% suggests low current exploitation probability. The available description implies the attack vector is local, from a non‑privileged user that can invoke the vulnerable GPU API. The vulnerability is not listed in the CISA KEV catalog. Given the kernel write nature, any exploit could impair confidentiality, integrity, or availability, but the exact exploitation method is not disclosed in the CVE data.
OpenCVE Enrichment