Arm GPU Kernel Driver Use After Free CVE-2024-4610 (Bifrost/Valhall)
CVE-2024-4610 Published on June 7, 2024

Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

NVD

Known Exploited Vulnerability

This Arm Mali GPU Kernel Driver Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

The following remediation steps are recommended / required by July 3, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2024-4610 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-4610 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2024-4610

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-4610 are published in these products:

Arm Valhall Gpu Kernel Driver
 
Arm Bifrost Gpu Kernel Driver
 
Google Android
 

Affected Versions

Arm Ltd Bifrost GPU Kernel Driver: Arm Ltd Valhall GPU Kernel Driver: arm bifrost_gpu_kernel_driver: arm valhall_gpu_kernel_driver:

Exploit Probability

EPSS
0.59%
Percentile
68.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.