Cyber Posture

CVE-2024-46975

High

Published: 22 February 2025
Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0002 (5.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-46975 is a high-severity Privilege Context Switching Error (CWE-270) vulnerability affecting Imaginationtech products (vendor inferred from references). Its CVSS base score is 7.9 (High).

Operationally, it ranks at the 5.8th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SC-4 (Information in Shared System Resources).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Prevents unauthorized information transfer via shared GPU firmware memory, directly mitigating cross-VM memory writes by guest kernels.

prevent: Implements memory protection mechanisms to safeguard virtualized GPU memory from unauthorized writes by software in guest VMs.

prevent: Enforces process isolation to separate guest VM execution domains, blocking access to another guest's virtualized GPU memory.

NVD Description

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory.

Deeper analysis

CVE-2024-46975 is a vulnerability affecting GPU firmware and drivers, specifically those from Imagination Technologies, in virtualized environments. Kernel software running inside a Guest VM can exploit memory shared with the GPU Firmware to arbitrarily write data into another Guest's virtualized GPU memory. This issue, associated with CWE-270 (Privilege Context Switching Error), carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its potential for cross-VM impact.

A local attacker with low privileges in a compromised Guest VM can exploit this vulnerability; attack complexity is low and user interaction is required. Successful exploitation allows writing to another Guest's virtualized GPU memory. The confidentiality and integrity impacts are high and the scope is changed, enabling data corruption or exfiltration across VM isolation boundaries in multi-tenant setups.

Mitigation details are provided in the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which likely includes patches or configuration guidance for affected GPU drivers and firmware in virtualized deployments.

Details

CWE(s)

Affected Products

Imaginationtech
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-55210 (Shared CWE-270)
CVE-2026-34853 (Shared CWE-270)

References