Cyber Resilience

CVE-2024-47897

High

Published: 13 January 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0024 (47.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-47897 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Imaginationtech (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 47.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-47897 is a high-severity vulnerability (CVSS 3.1 score of 8.8) classified under CWE-787 (Out-of-bounds Write) affecting GPU drivers from Imagination Technologies. The flaw enables software installed and executed as a non-privileged user to perform improper GPU system calls, which can result in platform instability and system reboots. Published on January 13, 2025, it affects components handling GPU operations in environments where such drivers are deployed.

According to the CVSS vector, the vulnerability can be exploited by an attacker with low privileges (PR:L) over a network (AV:N), with low attack complexity (AC:L) and no user interaction required (UI:N). The vector rates the impact as high for confidentiality (C:H), integrity (I:H), and availability (A:H), so successful exploitation could go beyond reboots to unauthorized data access or modification alongside system crashes. The vulnerability description itself refers to software installed and run as a non-privileged user, and names only platform instability and reboots.

Imagination Technologies has issued guidance on mitigations via their GPU driver vulnerabilities advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/. Security practitioners should consult this page for patch availability, updated driver versions, and recommended hardening measures to address the improper system call issue.

Vulnerability details

Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.

CWE(s)

CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Out-of-bounds write in GPU driver enables local exploitation by low-privileged users via improper system calls, directly supporting privilege escalation (T1068) and endpoint DoS via system crashes/reboots (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24273 (Shared CWE-787)
CVE-2026-25569 (Shared CWE-787)
CVE-2024-47398 (Shared CWE-787)
CVE-2026-3038 (Shared CWE-787)
CVE-2026-31505 (Shared CWE-787)
CVE-2026-23323 (Shared CWE-787)
CVE-2026-28825 (Shared CWE-787)
CVE-2026-31698 (Shared CWE-787)
CVE-2024-54509 (Shared CWE-787)
CVE-2025-30273 (Shared CWE-787)

Affected Assets

Imaginationtech
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the out-of-bounds write vulnerability in Imagination Technologies GPU drivers by ensuring timely patching as advised by the vendor.

prevent

Enforces secure configuration settings for GPU drivers to block improper system calls from non-privileged software, aligning with vendor hardening guidance.

prevent

Limits non-privileged users and processes to only necessary privileges, reducing the ability of installed software to access and abuse GPU system calls.
