Main Vulnerability Database Vulnerabilities #VU107126

#VU107126 Out-of-bounds write in PowerVR GPU DDK - CVE-2024-52936

Published: April 7, 2025

Vulnerability identifier: #VU107126

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-52936

CWE-ID: CWE-787

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
PowerVR GPU DDK

Software vendor:
Imagination Technologies

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in rgxfw_hwperf_config. Kernel software installed on Guest VM can post improper commands to the GPU Firmware to write data outside the Guest’s virtualised GPU memory.

Remediation

Install updates from vendor's website.

External links

https://www.imaginationtech.com/gpu-driver-vulnerabilities/#PP-171232

#VU107126 Out-of-bounds write in PowerVR GPU DDK - CVE-2024-52936

Description

Remediation

External links

Please verify you're human