CVE-2024-47891

Severity: High

Published: 31 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-47891 is a high-severity Use After Free (CWE-416) vulnerability in Imaginationtech (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 31.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-47891 is a use-after-free vulnerability (CWE-416) affecting GPU drivers from Imagination Technologies. The issue arises when software installed and run as a non-privileged user makes improper GPU system calls, triggering kernel exceptions. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-31.

A local attacker with low privileges can exploit this vulnerability through low-complexity attacks requiring no user interaction. Exploitation triggers kernel exceptions, enabling high-impact effects on confidentiality, integrity, and availability, such as potential kernel code execution or system denial of service.

Mitigation details are available in the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/.

Vulnerability details

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

CWE(s)

CWE-416 (Use After Free)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A use-after-free in the GPU kernel driver allows a local low-privileged user to trigger kernel exceptions and achieve code execution/DoS, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-47331 (Shared CWE-416)
CVE-2026-23111 (Shared CWE-416)
CVE-2026-9970 (Shared CWE-416)
CVE-2026-27909 (Shared CWE-416)
CVE-2026-9932 (Shared CWE-416)
CVE-2026-31530 (Shared CWE-416)
CVE-2025-21856 (Shared CWE-416)
CVE-2025-21727 (Shared CWE-416)
CVE-2024-55549 (Shared CWE-416)
CVE-2026-34859 (Shared CWE-416)

Affected Assets

Imaginationtech
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly mitigates the use-after-free vulnerability in Imagination Technologies GPU drivers by applying vendor-provided patches to prevent kernel exceptions from improper system calls.

prevent

Memory protection mechanisms such as address space layout randomization, data execution prevention, and kernel bounds checking comprehensively mitigate exploitation of the use-after-free vulnerability in GPU drivers.

prevent

Prohibiting user-installed software prevents local low-privilege attackers from deploying programs that make improper GPU system calls to trigger the kernel vulnerability.
