CVE-2024-47891

High

Published: 31 January 2025

Published

31 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 31.5th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Security Summary

CVE-2024-47891 is a use-after-free vulnerability (CWE-416) affecting GPU drivers from Imagination Technologies. The issue arises when software installed and run as a non-privileged user makes improper GPU system calls, triggering kernel exceptions. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-31.

A local attacker with low privileges can exploit this vulnerability through low-complexity attacks requiring no user interaction. Exploitation triggers kernel exceptions, enabling high-impact effects on confidentiality, integrity, and availability, such as potential kernel code execution or system denial of service.

Mitigation details are available in the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/.

Details

CWE(s): CWE-416

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/
367425dc-4d06-4041-9650-c2dc6aaa27ce