CVE-2024-52938

Name of the Vulnerable Software and Affected Versions Imagination Technologies Graphics DDK version <= 24.2 RTM2

Description The kernel software installed and running inside a Guest VM may send improper commands to the GPU Firmware to subvert reconstruction activities and trigger a write of data outside the Guest's virtualized GPU memory. This issue may allow for out-of-range pointer offset.

Recommendations For Imagination Technologies Graphics DDK version <= 24.2 RTM2, consider updating to a version later than 24.2 RTM2 to resolve the issue. As a temporary workaround, restrict access to the GPU Firmware to minimize the risk of exploitation. Avoid using the vulnerable kernel software inside a Guest VM until the issue is resolved. At the moment, there is no information about additional mitigation measures.