CVE-2024-52938Use of Out-of-range Pointer Offset in Technologies Graphics DDK

CWE-823Use of Out-of-range Pointer Offset3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 84.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Imagination Technologies Graphics DDKGoogle Android
Timeline
PublishedJan 13
Latest updateApr 1

Description

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5imagination_technologies/graphics_ddk1.15 RTM24.2 RTM2

🔴Vulnerability Details

1
GHSA
GHSA-3vv9-8w9f-p9ff: Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger2025-01-13

📋Vendor Advisories

1
Android
CVE-2024-52938: PowerVR-GPU2025-04-01
CVE-2024-52938 — Use of Out-of-range Pointer Offset | cvebase