What is the severity of CVE-2024-4607?

CVE-2024-4607 has a medium severity rating due to its potential to allow unauthorized access to freed GPU memory.

How do I fix CVE-2024-4607?

To fix CVE-2024-4607, ensure that you update your affected Arm GPU kernel drivers to the latest patched versions.

Who is affected by CVE-2024-4607?

CVE-2024-4607 affects users of Google Android and various Arm GPU kernel drivers, including Bifrost and Valhall drivers.

What type of vulnerability is CVE-2024-4607?

CVE-2024-4607 is categorized as a Use After Free vulnerability, which can lead to improper memory processing.

Can CVE-2024-4607 be exploited remotely?

CVE-2024-4607 is a local vulnerability and requires a non-privileged user to exploit it.

Vulnerability/
CVE-2024-4607

high

7.8

CWE

416

5/8/2024

24/10/2024

CVE-2024-4607: Mali GPU Kernel Driver allows improper GPU memory processing operations

First published: Mon Aug 05 2024(Updated: )

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.

Credit: arm-security@arm.com

Affected Software	Affected Version	How to fix
Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver	>=r41p0<r50p0
Arm Bifrost GPU Kernel Driver	>=r41p0<r50p0
Arm Ltd Valhall GPU Kernel Driver	>=r41p0<r50p0
Android

Remedy

This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p1 and r50p0. Users are recommended to upgrade if they are impacted by this issue.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-4607?
CVE-2024-4607 has a medium severity rating due to its potential to allow unauthorized access to freed GPU memory.
How do I fix CVE-2024-4607?
To fix CVE-2024-4607, ensure that you update your affected Arm GPU kernel drivers to the latest patched versions.
Who is affected by CVE-2024-4607?
CVE-2024-4607 affects users of Google Android and various Arm GPU kernel drivers, including Bifrost and Valhall drivers.
What type of vulnerability is CVE-2024-4607?
CVE-2024-4607 is categorized as a Use After Free vulnerability, which can lead to improper memory processing.
Can CVE-2024-4607 be exploited remotely?
CVE-2024-4607 is a local vulnerability and requires a non-privileged user to exploit it.

agent/title
agent/weakness
agent/type
agent/description
agent/author
agent/severity
agent/references
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/android-source
source/Android
vendor/arm
canonical/arm ltd arm 5th gen gpu architecture kernel driver
version/arm ltd arm 5th gen gpu architecture kernel driver/r41p0
canonical/arm bifrost gpu kernel driver
version/arm bifrost gpu kernel driver/r41p0
canonical/arm ltd valhall gpu kernel driver
version/arm ltd valhall gpu kernel driver/r41p0
vendor/google
canonical/android

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.