Use After Free Vulnerability in Arm Ltd GPU Kernel Drivers
CVE-2024-1067

7.4HIGH

Key Information:

Vendor: Arm Ltd
Status: Bifrost Gpu Kernel Driver; Valhall Gpu Kernel Driver; Arm 5th Gen Gpu Architecture Kernel Driver
Vendor: CVE Published:; 3 May 2024

What is CVE-2024-1067?

A use after free vulnerability exists in Arm Ltd's GPU Kernel Drivers, including the Bifrost, Valhall, and 5th Gen GPU architecture. This flaw permits local non-privileged users to manipulate GPU memory improperly, which could lead to unauthorized access to userspace memory of other processes. The issue surfaces under specific configurations of the Linux kernel paired with the Mali GPU kernel driver on Armv8.0 cores. Users of versions r41p0 through r47p0 for these drivers should remain vigilant for potential memory safety risks.

Affected Version(s)

Arm 5th Gen GPU Architecture Kernel Driver r41p0

Bifrost GPU Kernel Driver r41p0

Valhall GPU Kernel Driver r41p0

References

https://developer.arm.com/Arm%20Security%20Center/Mali%20...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024