CVE-2024-47900

CVE-2024-47900 is a vulnerability in GPU drivers developed by Imagination Technologies, where software installed and executed as a non-privileged user can perform improper GPU system calls, leading to out-of-bounds (OOB) access to kernel memory. This issue, classified under CWE-823 (Access of Uninitialized Pointer), carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A local attacker with low privileges, such as a standard non-privileged user on the system, can exploit this vulnerability by running malicious or compromised software that triggers the improper GPU system calls. Successful exploitation grants access to sensitive kernel memory outside intended bounds, potentially allowing arbitrary code execution, data theft, or system compromise at the kernel level without requiring user interaction or elevated privileges beyond the attacker's existing local access.

For mitigation details, refer to the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which provides information on patches and recommended actions for affected GPU driver versions.