CVE-2024-12576 - Vulnerability Details - OpenCVE

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00031.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-54146	Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.imaginationtech.com/gpu-driver-vulnerabilities/

History

Fri, 07 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 07 Mar 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output.
Title		GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address
Weaknesses		CWE-822
References		https://www.imaginationtech.com/gpu-driver-vulnerabilities/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: imaginationtech

Published: 2025-03-07T07:36:21.228Z

Updated: 2025-03-07T19:34:51.249Z

Reserved: 2024-12-12T15:49:47.322Z

Link: CVE-2024-12576

Vulnrichment

Updated: 2025-03-07T19:34:46.960Z

NVD

Status : Received

Published: 2025-03-07T08:15:35.570

Modified: 2025-03-07T20:15:36.903

Link: CVE-2024-12576

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-822

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12576", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "state": "PUBLISHED", "assignerShortName": "imaginationtech", "dateReserved": "2024-12-12T15:49:47.322Z", "datePublished": "2025-03-07T07:36:21.228Z", "dateUpdated": "2025-03-07T19:34:51.249Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Linux", "Android"], "product": "Graphics DDK", "vendor": "Imagination Technologies", "versions": [{"lessThanOrEqual": "24.3 RTM", "status": "affected", "version": "1.15 RTM", "versionType": "custom"}, {"status": "unaffected", "version": "25.1 RTM", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output.</span>\n\n<br>"}], "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output."}], "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC - CAPEC-113: Interface Manipulation (Version 3.9)"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-822", "description": "CWE - CWE-822: Untrusted Pointer Dereference (4.16)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-03-07T07:36:21.228Z"}, "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "source": {"discovery": "UNKNOWN"}, "title": "GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-07T19:34:21.244595Z", "id": "CVE-2024-12576", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T19:34:51.249Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-12576", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-07T19:34:21.244595Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T19:34:46.960Z"}}], "cna": {"title": "GPU DDK - Untrusted app can crash firmware by forcing MCU access to non-aligned address", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-113", "descriptions": [{"lang": "en", "value": "CAPEC - CAPEC-113: Interface Manipulation (Version 3.9)"}]}], "affected": [{"vendor": "Imagination Technologies", "product": "Graphics DDK", "versions": [{"status": "affected", "version": "1.15 RTM", "versionType": "custom", "lessThanOrEqual": "24.3 RTM"}, {"status": "unaffected", "version": "25.1 RTM", "versionType": "custom"}], "platforms": ["Linux", "Android"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger a crash of the FW running on the GPU freezing graphics output.</span>\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-822", "description": "CWE - CWE-822: Untrusted Pointer Dereference (4.16)"}]}], "providerMetadata": {"orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "shortName": "imaginationtech", "dateUpdated": "2025-03-07T07:36:21.228Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12576", "state": "PUBLISHED", "dateUpdated": "2025-03-07T19:34:51.249Z", "dateReserved": "2024-12-12T15:49:47.322Z", "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "datePublished": "2025-03-07T07:36:21.228Z", "assignerShortName": "imaginationtech"}, "dataVersion": "5.1"}