CVE-2024-52937Use of Out-of-range Pointer Offset in Technologies Graphics DDK

CWE-823Use of Out-of-range Pointer Offset3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 86.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Imagination Technologies Graphics DDKGoogle Android
Timeline
PublishedJan 13
Latest updateApr 1

Description

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:NExploitability: 1.5 | Impact: 4.7

Affected Packages2 packages

CVEListV5imagination_technologies/graphics_ddk23.2 RTM224.2 RTM2

🔴Vulnerability Details

1
GHSA
GHSA-mhhc-7vg8-h992: Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised2025-01-13

📋Vendor Advisories

1
Android
CVE-2024-52937: PowerVR-GPU2025-04-01
CVE-2024-52937 — Use of Out-of-range Pointer Offset | cvebase