CVE-2024-47894Use of Out-of-range Pointer Offset in Technologies Graphics DDK

CWE-823Use of Out-of-range Pointer Offset3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 89.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Imagination Technologies Graphics DDKGoogle Android
Timeline
PublishedJan 13
Latest updateApr 1

Description

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5imagination_technologies/graphics_ddk1.15 RTM24.2 RTM2

🔴Vulnerability Details

1
GHSA
GHSA-rgwm-px7v-j678: Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GP2025-01-13

📋Vendor Advisories

1
Android
CVE-2024-47894: PowerVR-GPU2025-04-01
CVE-2024-47894 — Use of Out-of-range Pointer Offset | cvebase