CVE-2026-0106
Linux/Android · VPU Driver
A missing bounds check in the vpu_mmap function of the VPU driver allows for arbitrary address mapping. This facilitates local escalation of privilege without requiring user interaction.
Executive summary
A critical flaw in the VPU driver's memory mapping function allows local attackers to achieve arbitrary memory access and escalate privileges to the kernel level.
Vulnerability
The vulnerability exists in the vpu_mmap function within vpu_ioctl due to a missing bounds check on memory offsets. This allows a local, authenticated user to perform an arbitrary address mmap, leading to local escalation of privilege without needing additional execution rights or user interaction.
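The advisory does not include the driver source, so the following is an added user-space model of the bounds check an mmap handler needs, not the VPU driver's code or the vendor's patch. The struct, function names, page size and sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define MODEL_PAGE_SHIFT 12u /* assumption: 4 KiB pages */
#define MODEL_PAGE_LOW ((1ull << MODEL_PAGE_SHIFT) - 1)

/* Hypothetical model of a driver-owned buffer that user space may map. */
struct dev_region {
    uint64_t phys_base; /* page-aligned physical base of the buffer */
    uint64_t size;      /* buffer length in bytes */
};

/* Unchecked form: the caller-supplied page offset is added to the base
 * as-is, so the resulting address can lie outside the buffer. */
static uint64_t map_target_unchecked(const struct dev_region *r, uint64_t pgoff)
{
    return r->phys_base + (pgoff << MODEL_PAGE_SHIFT);
}

/* Checked form: accept only requests whose [offset, offset + len) range is
 * wholly inside the buffer. The comparisons are ordered so that neither
 * the shift nor the subtraction can wrap around. */
static bool map_target_checked(const struct dev_region *r, uint64_t pgoff,
                               uint64_t len, uint64_t *phys_out)
{
    uint64_t region_pages = r->size >> MODEL_PAGE_SHIFT; /* rounds down */
    uint64_t req_pages;

    if (len == 0 || len > r->size)
        return false;
    req_pages = (len >> MODEL_PAGE_SHIFT) + ((len & MODEL_PAGE_LOW) != 0);
    if (pgoff >= region_pages || req_pages > region_pages - pgoff)
        return false;
    *phys_out = r->phys_base + (pgoff << MODEL_PAGE_SHIFT);
    return true;
}

int main(void)
{
    struct dev_region r = { 0x80000000ull, 0x4000 }; /* constructed values */
    uint64_t p = 0;
    bool ok = map_target_checked(&r, 3, 0x1000, &p) &&  /* last page: accepted */
              !map_target_checked(&r, 4, 0x1000, &p);   /* one past end: rejected */
    bool escapes = map_target_unchecked(&r, 0x100) >= r.phys_base + r.size;
    return (ok && escapes) ? 0 : 1;
}
```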
Business impact
This vulnerability presents a significant risk to device integrity, especially in mobile and embedded environments. An attacker with local access—potentially gained through a malicious application—could bypass system security to gain root or kernel-level control. The CVSS score of 9.3 highlights the high severity of losing control over the underlying operating system.
Remediation
Immediate Action: Apply the latest kernel security updates or firmware patches provided by the device manufacturer or OS maintainer.
Proactive Monitoring: Monitor system logs for unusual IOCTL calls or unexpected memory mapping requests originating from non-privileged applications.
Compensating Controls: Utilize SELinux or AppArmor profiles to restrict access to device drivers and IOCTL interfaces for untrusted applications.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the ability to escalate to kernel privileges without user interaction, this vulnerability is a high-priority target for remediation. Organizations should prioritize patching mobile fleets and embedded systems that utilize these VPU drivers. Immediate deployment of the vendor's updated kernel or firmware is the only reliable mitigation.