CVE-2024-52935 — Use of Out-of-range Pointer Offset in Technologies Graphics DDK

CWE-823 — Use of Out-of-range Pointer Offset4 documents4 sources

Severity

4.1MEDIUMNVD

EPSS

0.1%

top 83.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagination Technologies Graphics DDK Google Android

Timeline

PublishedJan 13

Latest updateFeb 1

Description

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 0.7 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5imagination_technologies/graphics_ddk1.15 RTM — 24.2 RTM2

▶googlegoogle/android

🔴Vulnerability Details

OSV

CVE-2024-52935: In TBD of TBD, there is a possible out of bounds write due to a missing bounds check↗2025-02-01

▶

GHSA

GHSA-74px-f778-7g38: Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised↗2025-01-13

▶

📋Vendor Advisories

Android

CVE-2024-52935: PowerVR-GPU↗2025-02-01

▶