Cyber Resilience

CVE-2024-47898

High

Published: 31 January 2025

Published
31 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 31.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47898 is a high-severity Use After Free (CWE-416) vulnerability in Imaginationtech (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 31.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-11 (User-installed Software).

Deeper analysis

CVE-2024-47898 is a use-after-free vulnerability (CWE-416) affecting GPU drivers from Imagination Technologies. The issue arises when software installed and executed as a non-privileged user issues improper GPU system calls, leading to kernel exceptions due to memory handling errors in the driver. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with local access required.

A local attacker with low privileges can exploit this vulnerability through low-complexity attacks requiring no user interaction. Successful exploitation triggers kernel-level use-after-free conditions, potentially allowing arbitrary code execution, data corruption, or system crashes with high impacts on confidentiality, integrity, and availability.

Imagination Technologies has issued an advisory detailing the vulnerability at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which provides information on affected versions and recommended patches or mitigations for remediation.

EU & UK References

Vulnerability details

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free in GPU kernel driver enables arbitrary code execution from low-privileged context, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-47331Shared CWE-416
CVE-2026-23111Shared CWE-416
CVE-2026-9970Shared CWE-416
CVE-2026-27909Shared CWE-416
CVE-2026-9932Shared CWE-416
CVE-2026-31530Shared CWE-416
CVE-2025-21856Shared CWE-416
CVE-2025-21727Shared CWE-416
CVE-2024-55549Shared CWE-416
CVE-2026-34859Shared CWE-416

Affected Assets

Imaginationtech
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely patching and updating of the vulnerable Imagination Technologies GPU driver to remediate the use-after-free flaw and prevent kernel exceptions from improper system calls.

prevent

Implements memory protection mechanisms that mitigate exploitation of the use-after-free vulnerability in the GPU kernel driver by hardening against memory corruption.

prevent

Prohibits or controls user-installed software that could issue improper GPU system calls as a non-privileged user, thereby reducing the risk of triggering the vulnerability.

References