Main Vulnerability Database SB2025040760

SB2025040760 - Privilege escalation in PowerVR GPU DDK

Published: April 7, 2025

Security Bulletin ID SB2025040760

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2024-52936)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Clear

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in rgxfw_hwperf_config. Kernel software installed on Guest VM can post improper commands to the GPU Firmware to write data outside the Guest’s virtualised GPU memory.

Remediation

Install update from vendor's website.

References

https://www.imaginationtech.com/gpu-driver-vulnerabilities/#PP-171232