CVE-2024-2937: Mali GPU Kernel Driver allows improper GPU memory processing operations
First published: Mon Aug 05 2024(Updated: )
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.
Credit: arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver | >=r41p0<r50p0 | |
| Arm Bifrost GPU Kernel Driver | >=r41p0<r50p0 | |
| Arm Ltd Valhall GPU Kernel Driver | >=r41p0<r50p0 | |
| Android |
Remedy
This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p1 and r50p0. Users are recommended to upgrade if they are impacted by this issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-2937?
CVE-2024-2937 has a moderate severity rating due to its potential to allow unauthorized access to freed memory in GPU drivers.
How do I fix CVE-2024-2937?
To fix CVE-2024-2937, update the affected Arm GPU kernel drivers and ensure your Android device is using the latest security patches.
What are the affected components of CVE-2024-2937?
CVE-2024-2937 affects the Arm Bifrost, Valhall GPU kernel drivers, and the Arm 5th Gen GPU architecture driver.
Who is impacted by CVE-2024-2937?
Local non-privileged users on devices using affected Arm GPU drivers may be impacted by CVE-2024-2937.
What does CVE-2024-2937 exploit?
CVE-2024-2937 exploits a use-after-free condition in GPU kernel drivers, potentially leading to improper memory access.
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/title
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/android-source
- source/Android
- vendor/arm
- canonical/arm ltd arm 5th gen gpu architecture kernel driver
- version/arm ltd arm 5th gen gpu architecture kernel driver/r41p0
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r41p0
- canonical/arm ltd valhall gpu kernel driver
- version/arm ltd valhall gpu kernel driver/r41p0
- vendor/google
- canonical/android