Cyber Posture

CVE-2024-46975

High

Published: 22 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0002 (5.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory.

Security Summary

CVE-2024-46975 is a vulnerability affecting GPU firmware and drivers, specifically those from Imagination Technologies, in virtualized environments. Kernel software running inside a Guest VM can exploit memory shared with the GPU Firmware to arbitrarily write data into another Guest's virtualized GPU memory. This issue, associated with CWE-270 (Permissions, Privileges, and Access Controls), carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its potential for cross-VM impact.

Exploitation requires local access with low privileges inside a compromised Guest VM, is of low complexity, and requires user interaction. Successful exploitation allows writing to another Guest's virtualized GPU memory, with high confidentiality and integrity impact and a changed scope: the effect crosses VM isolation boundaries, enabling data corruption or exfiltration in multi-tenant setups.

Mitigation details are provided in the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which likely includes patches or configuration guidance for affected GPU drivers and firmware in virtualized deployments.

Details

CWE(s)
CWE-270