Description
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible browser/GPU process crash. The software computes a required memory size from untrusted input, but integer overflow can produce a value smaller than needed. Subsequent write operations may then occur past the intended memory boundary, corrupting adjacent memory and causing process instability or termination.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Imagination Technologies / Graphics DDK1.18 RTM – 1.18 RTM
- Imagination Technologies / Graphics DDK23.2 RTM – 23.2 RTM
- Imagination Technologies / Graphics DDK24.2 RTM – 24.2 RTM
- Imagination Technologies / Graphics DDK25.1 RTM – 25.3 RTM
- Imagination Technologies / Graphics DDK26.1 RTM – 26.1 RTM
- Imagination Technologies / Graphics DDK26.2 RTM – 26.2 RTM