Use After Free Vulnerability Affects Arm Ltd GPU Drivers
CVE-2024-4607

7.8HIGH

Key Information:

Vendor: Arm Ltd
Status: Bifrost Gpu Kernel Driver; Valhall Gpu Kernel Driver; Arm 5th Gen Gpu Architecture Kernel Driver
Vendor: CVE Published:; 5 August 2024

What is CVE-2024-4607?

A Use After Free vulnerability exists in various GPU Kernel Drivers provided by Arm Ltd, including the Bifrost, Valhall, and the 5th Gen GPU Architecture drivers. This vulnerability enables local non-privileged users to execute improper memory operations, potentially leading to access to freed memory segments. The affected driver versions range from r41p0 to r49p0, posing a security risk related to memory management mishandling within the GPU architecture.

Affected Version(s)

Arm 5th Gen GPU Architecture Kernel Driver r41p0

Bifrost GPU Kernel Driver r41p0

Valhall GPU Kernel Driver r41p0

References

https://developer.arm.com/Arm%20Security%20Center/Mali%20...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2024
Vulnerability Reserved
May 7, 2024