CVE-2024-47898
Published: 31 January 2025
Description
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
Security Summary
CVE-2024-47898 is a use-after-free vulnerability (CWE-416) affecting GPU drivers from Imagination Technologies. The issue arises when software installed and executed as a non-privileged user issues improper GPU system calls, leading to kernel exceptions due to memory handling errors in the driver. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with local access required.
A local attacker with low privileges can exploit this vulnerability with a low-complexity attack that requires no user interaction. Successful exploitation triggers a kernel-level use-after-free condition, potentially allowing arbitrary code execution, data corruption, or system crashes, with high impact on confidentiality, integrity, and availability.
Imagination Technologies has issued an advisory for the vulnerability at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which covers affected versions and the recommended patches or mitigations.
Details
- CWE(s)