Impact
The vulnerability stems from the Imagination Technologies Graphics DDK mapping shared secure memory allocations into the virtual address space of all GPU processes. This allows a malicious actor to move sensitive data from one isolated GPU process to another or to corrupt shared resources, leading to image corruption and the need for hardware recovery. The weakness is classified as CWE‑653, an insecure resource allocation. Based on the description, it is inferred that the attacker must be able to create or control secure GPU processes to exploit the memory sharing feature.
Affected Systems
Imagination Technologies Graphics DDK is affected. No specific version information is provided, so all installations of the driver should be considered potentially vulnerable.
Risk and Exploitability
The exploit requires the attacker to have control over a secure GPU process or to be able to create such processes in order to request the shared secure memory allocation. The CVSS score of 5.5 indicates a moderate impact, while the EPSS score of less than 1 % suggests a low probability of public exploitation. Because the vulnerability is not listed in the CISA KEV catalog, there is no evidence of widespread exploitation. Nonetheless, local or privileged access to the GPU driver is likely needed, implying that a system with elevated GPU privileges is the primary target.
OpenCVE Enrichment