
CVE-2024-43703 – GPU DDK - Duplicate calls to RGXCreateFreeList on the same reservation leads to GPU UAF
https://notcve.org/view.php?id=CVE-2024-43703
30 Nov 2024 — Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW. • https://www.imaginationtech.com/gpu-driver-vulnerabilities • CWE-416: Use After Free •

CVE-2024-43702 – GPU DDK - MLIST/PM render state buffers writable allowing arbitrary writes to kernel memory pages
https://notcve.org/view.php?id=CVE-2024-43702
30 Nov 2024 — Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to an arbitrary physical memory page. • https://www.imaginationtech.com/gpu-driver-vulnerabilities • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2024-43701 – GPU DDK - PowerVR: TLB invalidate UAF of dma_buf imported into multiple GPU devices
https://notcve.org/view.php?id=CVE-2024-43701
14 Oct 2024 — Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. • https://www.imaginationtech.com/gpu-driver-vulnerabilities • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVE-2023-4969 – GPU kernel implementations susceptible to memory leak
https://notcve.org/view.php?id=CVE-2023-4969
16 Jan 2024 — A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. • https://blog.trailofbits.com • CWE-401: Missing Release of Memory after Effective Lifetime •