Loop with Unreachable Exit Condition in Arm Ltd GPU Drivers

CVE-2024-6790

What is CVE-2024-6790?

CVE-2024-6790 is a vulnerability identified in the GPU drivers provided by Arm Ltd, specifically affecting the Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Drivers. The flaw arises from an "Infinite Loop" condition that can be triggered by non-privileged user processes. If successfully exploited, this vulnerability could lead to system-wide unresponsiveness, significantly affecting the performance and usability of devices relying on these GPU drivers, notably in environments that utilize WebGL or WebGPU technologies.

Technical Details

The vulnerability manifests as a loop with an unreachable exit condition within the specified GPU drivers. It affects multiple versions of the Bifrost and Valhall GPU Kernel Drivers, as well as the Arm’s 5th Gen GPU Kernel Driver. The affected versions span from r44p1 to r51p0 across the various drivers. This flaw allows maliciously constructed valid GPU memory processing operations to be executed, which can stall or freeze the entire system when invoked.

Potential impact of CVE-2024-6790

1. System Unresponsiveness: The primary impact of CVE-2024-6790 is the potential to render systems unresponsive, creating significant disruptions to workflows and end-user experiences.

2. Denial of Service (DoS): Exploiting this vulnerability could result in a denial of service, where legitimate users are unable to utilize the system effectively due to unresponsiveness caused by the infinite loop.

3. Resource Misuse: The vulnerability can potentially lead to excessive consumption of system resources, impacting performance not just for the affected application but also for other applications running on the same system, leading to broader operational inefficiencies.

References