CVE-2024-52936Use of Out-of-range Pointer Offset in Technologies Graphics DDK

CWE-823Use of Out-of-range Pointer Offset3 documents3 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 87.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Imagination Technologies Graphics DDKGoogle Android
Timeline
PublishedJan 13
Latest updateApr 1

Description

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5imagination_technologies/graphics_ddk1.15 RTM24.2 RTM2

🔴Vulnerability Details

1
GHSA
GHSA-6x59-xc7r-c342: Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised G2025-01-13

📋Vendor Advisories

1
Android
CVE-2024-52936: PowerVR-GPU2025-04-01
CVE-2024-52936 — Use of Out-of-range Pointer Offset | cvebase