CVE-2024-4610

Mali GPU Kernel Driver allows improper GPU memory processing operations

CVSS 7.4 HIGHEPSS 0.8%● KEVCWE-416

In short

A use-after-free vulnerability in Mali GPU drivers allows a local user to access GPU memory that has already been freed, potentially exposing sensitive data or causing system instability.

Technical detail

Use-after-free vulnerability (CWE-416) in Arm Bifrost and Valhall GPU Kernel Drivers (versions r34p0-r40p0) triggered by improper GPU memory processing operations. Local non-privileged user can access freed GPU memory regions, leading to information disclosure or denial of service.

Summary generated and translated by AI from the official description.

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Arm Ltd · Bifrost GPU Kernel Driver Arm Ltd · Valhall GPU Kernel Driver

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4610