ByteOS

CVSS Score-7.8||HIGH

EPSS-0.05% / 14.23%

||

7 Day CHG~0.00%

Published-28 Dec, 2024 | 04:58

Updated-15 Apr, 2026 | 00:35

GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so)

Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory.

Product-Graphics DDK

CWE ID-CWE-280

Improper Handling of Insufficient Permissions or Privileges

CVE-2024-46973

CVSS Score-7.8||HIGH

EPSS-0.06% / 19.77%

||

7 Day CHG~0.00%

Published-28 Dec, 2024 | 04:56

Updated-15 Apr, 2026 | 00:35

Exploitable kernel use-after-free on psServerMMUContext due to reference count mismanagement

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Product-Graphics DDK

CWE ID-CWE-416

Use After Free

CVE-2024-46972

CVSS Score-7.8||HIGH

EPSS-0.05% / 15.10%

||

7 Day CHG~0.00%

Published-28 Dec, 2024 | 04:53

Updated-15 Apr, 2026 | 00:35

GPU DDK - Security: Reference count overflow in pvr_sync_rollback_export_fence

Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.

Product-Graphics DDK

CWE ID-CWE-911

Improper Update of Reference Count

CVE-2024-47892

CVSS Score-7.8||HIGH

EPSS-0.08% / 23.21%

||

7 Day CHG~0.00%

Published-13 Dec, 2024 | 17:35

Updated-15 Apr, 2026 | 00:35

GPU DDK - UAF of kernel memory in PMRUnlockPhysAddressesOSMem for on-demand non-4KB PMRs in system memory (UMA)

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Product-Graphics DDK

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE ID-CWE-416

Use After Free

CVE-2024-46971

CVSS Score-7.8||HIGH

EPSS-0.14% / 33.07%

||

7 Day CHG~0.00%

Published-13 Dec, 2024 | 17:32

Updated-15 Apr, 2026 | 00:35

GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

Product-Graphics DDK

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE ID-CWE-416

Use After Free

CVE-2024-43703

CVSS Score-8.1||HIGH

EPSS-0.14% / 33.95%

||

7 Day CHG~0.00%

Published-30 Nov, 2024 | 02:39

Updated-15 Apr, 2026 | 00:35

GPU DDK - Duplicate calls to RGXCreateFreeList on the same reservation leads to GPU UAF

Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW.

Product-Graphics DDK ddk

CWE ID-CWE-416

Use After Free

CVE-2024-43702

CVSS Score-8.1||HIGH

EPSS-0.11% / 28.56%

||

7 Day CHG~0.00%

Published-30 Nov, 2024 | 02:30

Updated-15 Apr, 2026 | 00:35

GPU DDK - MLIST/PM render state buffers writable allowing arbitrary writes to kernel memory pages

Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page.

Product-Graphics DDK ddk

CWE ID-CWE-280

Improper Handling of Insufficient Permissions or Privileges

CVE-2024-43704