CVE-2024-46971: GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems
Description
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
Classification
CVE ID: CVE-2024-46971
Affected Products
Vendor: Imagination Technologies
Product: Graphics DDK
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.48% (scored less or equal to compared to others)
EPSS Date: 2025-02-04 (when was this score calculated)