CVE-2024-47897
Published: 13 January 2025
Description
Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.
Security Summary
CVE-2024-47897 is a high-severity vulnerability (CVSS 3.1 score of 8.8) classified under CWE-787 (Out-of-bounds Write) affecting GPU drivers from Imagination Technologies. The flaw allows software installed and executed as a non-privileged user to perform improper GPU system calls, which can result in platform instability and system reboots. Published on January 13, 2025, it affects the components that handle GPU operations in environments where these drivers are deployed.
According to the CVSS vector, the vulnerability can be exploited by an attacker with low privileges (PR:L) over a network (AV:N), with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation is rated as high impact on confidentiality (C:H), integrity (I:H), and availability (A:H), so an attacker could potentially cause severe disruption beyond mere reboots, such as unauthorized data access or modification alongside system crashes.
Imagination Technologies has issued guidance on mitigations via their GPU driver vulnerabilities advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/. Security practitioners should consult this page for patch availability, updated driver versions, and recommended hardening measures to address the improper system call issue.
Details
- CWE(s)