Cyber Posture

CVE-2024-47900

High

Published: 31 January 2025

Published
31 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 31.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47900 is a high-severity Use of Out-of-range Pointer Offset (CWE-823) vulnerability in Imaginationtech (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-16 Memory Protection good match
prevent

Implements controls to protect system memory from unauthorized access, modification, or deletion, directly countering OOB kernel memory access via improper GPU system calls.

SI-2 Flaw Remediation good match
prevent

Requires identification, reporting, and timely remediation of flaws like this GPU driver vulnerability through patching.

CM-11 User-installed Software good match
prevent

Prevents non-privileged user-installed software from executing, blocking the vector for triggering improper GPU system calls.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local GPU driver bug enables unprivileged user to trigger OOB kernel memory access via malicious syscalls, directly matching Exploitation for Privilege Escalation (T1068) with potential for kernel-level code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.

Deeper analysisAI

CVE-2024-47900 is a vulnerability in GPU drivers developed by Imagination Technologies, where software installed and executed as a non-privileged user can perform improper GPU system calls, leading to out-of-bounds (OOB) access to kernel memory. This issue, classified under CWE-823 (Access of Uninitialized Pointer), carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A local attacker with low privileges, such as a standard non-privileged user on the system, can exploit this vulnerability by running malicious or compromised software that triggers the improper GPU system calls. Successful exploitation grants access to sensitive kernel memory outside intended bounds, potentially allowing arbitrary code execution, data theft, or system compromise at the kernel level without requiring user interaction or elevated privileges beyond the attacker's existing local access.

For mitigation details, refer to the vendor advisory at https://www.imaginationtech.com/gpu-driver-vulnerabilities/, which provides information on patches and recommended actions for affected GPU driver versions.

Details

CWE(s)
CWE-823

Affected Products

Imaginationtech
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2024-52938Shared CWE-823
CVE-2024-52939Shared CWE-823
CVE-2024-49840Shared CWE-823
CVE-2024-47894Shared CWE-823
CVE-2024-47895Shared CWE-823
CVE-2024-12577Shared CWE-823
CVE-2024-33041Shared CWE-823
CVE-2026-32829Shared CWE-823
CVE-2024-43060Shared CWE-823
CVE-2024-45573Shared CWE-823

References