PT-2025-2780 · Unknown · Graphics Ddk

Published: 2025-01-13 · Updated: 2025-01-16 · CVE-2024-47894

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Graphics DDK version <= 24.2 RTM2
Description: The kernel software installed and running inside a guest virtual machine (VM) can send improper commands to the GPU firmware, allowing it to read data outside the guest's virtualized GPU memory. This issue may affect a significant number of devices worldwide, although the exact number is not specified.
Recommendations: For Graphics DDK version <= 24.2 RTM2, consider updating to a version later than 24.2 RTM2 to resolve the issue. As a temporary workaround, restrict access to the GPU firmware to minimize the risk of exploitation. Avoid using the GPU firmware until the issue is resolved. At the moment, there is no information about additional mitigation measures.

Related Identifiers: CVE-2024-47894

Affected Products: Graphics Ddk