CVE-2024-43703

CVE-2024-43703: GPU DDK - Duplicate calls to RGXCreateFreeList on the same reservation leads to GPU UAF

Vendor Imagination Technologies
Product Graphics DDK
Weakness CWE-416
Published November 30, 2024
Last update December 1, 2024

CVSS base score

What the vulnerability does

01Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW.

Key dates

02Disclosure timeline

November 30, 2024 CVE published
December 1, 2024 Record updated