Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).
Kernel software installed and running within the untrusted/rich execution environment (REE) is able to access information stored or processed in the trusted execution environment (TEE). The isolation boundary between REE and TEE — which forms the foundation of the security model for such architectures — is not properly enforced, leading to unauthorized data leakage. CWE-280 indicates insufficient permission management as the cause of this condition.
An attacker can gain unauthorized access to sensitive data stored in the TEE, such as cryptographic keys, authentication credentials, or other sensitive information, which may lead to complete compromise of the confidentiality of protected resources.
Apply patches available from the manufacturer in accordance with references published at https://www.imaginationtech.com/gpu-driver-vulnerabilities/
Imagination Technologies products utilizing GPU drivers — versions indicated in manufacturer references (https://www.imaginationtech.com/gpu-driver-vulnerabilities/)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H