What is the severity of CVE-2024-0671?

CVE-2024-0671 is classified as a high severity vulnerability due to the potential for a local non-privileged user to exploit improper GPU memory processing.

How do I fix CVE-2024-0671?

To fix CVE-2024-0671, update to the latest version of the affected GPU drivers provided by Arm or your device manufacturer.

What systems are affected by CVE-2024-0671?

CVE-2024-0671 affects devices running the Arm Midgard, Bifrost, Valhall GPU Kernel Drivers, commonly found in Android systems.

What is a Use After Free vulnerability as seen in CVE-2024-0671?

A Use After Free vulnerability occurs when a program continues to use memory after it has been freed, potentially allowing for unauthorized access or modification.

Can CVE-2024-0671 lead to remote code execution?

While CVE-2024-0671 is primarily a local vulnerability, it could potentially be leveraged to facilitate further attacks, including remote code execution under certain conditions.

Vulnerability/
CVE-2024-0671

medium

6.8

CWE

416

19/4/2024

27/3/2025

CVE-2024-0671: Mali GPU Kernel Driver allows improper GPU memory processing operations

First published: Fri Apr 19 2024(Updated: )

Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Midgard GPU Kernel Driver: from r19p0 through r32p0; Bifrost GPU Kernel Driver: from r7p0 through r48p0; Valhall GPU Kernel Driver: from r19p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r48p0.

Credit: arm-security@arm.com

Affected Software	Affected Version	How to fix
Android
Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver	>=r41p0<r49p0
Arm Bifrost GPU Kernel Driver	>=r7p0<r49p0
Arm Midgard	>=r19p0<=r32p0
Arm Ltd Valhall GPU Kernel Driver	>=r19p0<r49p0

Remedy

This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p0. Users are recommended to upgrade if they are impacted by this issue.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-0671?
CVE-2024-0671 is classified as a high severity vulnerability due to the potential for a local non-privileged user to exploit improper GPU memory processing.
How do I fix CVE-2024-0671?
To fix CVE-2024-0671, update to the latest version of the affected GPU drivers provided by Arm or your device manufacturer.
What systems are affected by CVE-2024-0671?
CVE-2024-0671 affects devices running the Arm Midgard, Bifrost, Valhall GPU Kernel Drivers, commonly found in Android systems.
What is a Use After Free vulnerability as seen in CVE-2024-0671?
A Use After Free vulnerability occurs when a program continues to use memory after it has been freed, potentially allowing for unauthorized access or modification.
Can CVE-2024-0671 lead to remote code execution?
While CVE-2024-0671 is primarily a local vulnerability, it could potentially be leveraged to facilitate further attacks, including remote code execution under certain conditions.

agent/weakness
agent/title
agent/remedy
agent/first-publish-date
agent/description
agent/type
agent/author
agent/severity
agent/references
collector/mitre-cve
source/MITRE
agent/source
agent/last-modified-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
agent/tags
collector/android-source
source/Android
vendor/arm
canonical/arm ltd arm 5th gen gpu architecture kernel driver
version/arm ltd arm 5th gen gpu architecture kernel driver/r41p0
canonical/arm bifrost gpu kernel driver
version/arm bifrost gpu kernel driver/r7p0
canonical/arm midgard
version/arm midgard/r19p0
version/arm midgard/r32p0
canonical/arm ltd valhall gpu kernel driver
version/arm ltd valhall gpu kernel driver/r19p0
vendor/google
canonical/android