What is the severity of CVE-2024-3655?

CVE-2024-3655 is classified as a high-severity vulnerability due to its potential for unauthorized access to freed GPU memory.

How do I fix CVE-2024-3655?

To fix CVE-2024-3655, users should update their Android operating system to the latest version that includes the security patch for this vulnerability.

Who is affected by CVE-2024-3655?

CVE-2024-3655 affects local non-privileged users running Android on devices utilizing the Arm Bifrost and Valhall GPU drivers.

What type of vulnerability is CVE-2024-3655?

CVE-2024-3655 is a Use After Free vulnerability, which allows manipulation of freed GPU memory.

Can CVE-2024-3655 lead to further exploitation?

Yes, exploiting CVE-2024-3655 can lead to unauthorized access and potential control over GPU memory, which could be leveraged for further attacks.

Vulnerability/
CVE-2024-3655

high

7.8

CWE

416

3/9/2024

27/3/2025

CVE-2024-3655: Mali GPU Kernel Driver allows improper GPU memory processing operations

First published: Tue Sep 03 2024(Updated: )

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0.

Credit: arm-security@arm.com

Affected Software	Affected Version	How to fix
Android
Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver	>=r43p0<r49p1
Arm Bifrost GPU Kernel Driver	>=r43p0<r49p1
Arm Ltd Valhall GPU Kernel Driver	>=r43p0<r49p1

Remedy

This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p1 and r50p0. Users are recommended to upgrade if they are impacted by this issue.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-3655?
CVE-2024-3655 is classified as a high-severity vulnerability due to its potential for unauthorized access to freed GPU memory.
How do I fix CVE-2024-3655?
To fix CVE-2024-3655, users should update their Android operating system to the latest version that includes the security patch for this vulnerability.
Who is affected by CVE-2024-3655?
CVE-2024-3655 affects local non-privileged users running Android on devices utilizing the Arm Bifrost and Valhall GPU drivers.
What type of vulnerability is CVE-2024-3655?
CVE-2024-3655 is a Use After Free vulnerability, which allows manipulation of freed GPU memory.
Can CVE-2024-3655 lead to further exploitation?
Yes, exploiting CVE-2024-3655 can lead to unauthorized access and potential control over GPU memory, which could be leveraged for further attacks.

agent/title
agent/weakness
agent/description
agent/type
agent/author
agent/references
agent/severity
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/source
collector/android-source
source/Android
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/event
vendor/google
canonical/android
vendor/arm
canonical/arm ltd arm 5th gen gpu architecture kernel driver
version/arm ltd arm 5th gen gpu architecture kernel driver/r43p0
canonical/arm bifrost gpu kernel driver
version/arm bifrost gpu kernel driver/r43p0
canonical/arm ltd valhall gpu kernel driver
version/arm ltd valhall gpu kernel driver/r43p0