CVE-2024-47899

CVE-2024-47899 is a use-after-free (CWE-416) vulnerability in GPU drivers developed by Imagination Technologies. It arises when software installed and executed as a non-privileged user issues improper GPU system calls, triggering kernel exceptions. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability within a local scope.

A local attacker with low privileges, such as a non-privileged user on the system, can exploit this flaw with low complexity and no user interaction required. Successful exploitation allows the attacker to trigger use-after-free conditions in the kernel, potentially leading to arbitrary code execution, privilege escalation, or system denial of service through kernel crashes.

Imagination Technologies has published details on mitigations in their GPU driver vulnerabilities advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which security practitioners should consult for patch availability, updated driver versions, and recommended remediation steps.