CVE-2024-4610: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
First published: Fri Jun 07 2024(Updated: )
Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Credit: arm-security@arm.com arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Arm Bifrost Gpu Kernel Driver | >=r34p0<r41p0 | |
| Arm Valhall Gpu Kernel Driver | >=r34p0<r41p0 | |
Remedy
This issue is fixed in Bifrost and Valhall GPU Kernel Driver r41p0. Users are recommended to upgrade if they are impacted by this issue.
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/arm-warns-of-actively-exploited-flaw-in-mali-gpu-kernel-drivers/
- https://www.theregister.com/2024/06/12/june_patch_tuesday/
- https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/
- https://www.bleepingcomputer.com/news/security/google-patches-exploited-android-zero-day-on-pixel-devices/
- https://source.android.com/docs/security/bulletin/2024-07-01/#asterisk
- https://source.android.com/docs/security/bulletin/2024-07-01 (Advisory)
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;
- https://nvd.nist.gov/vuln/detail/CVE-2024-4610
- agent/first-publish-date
- agent/type
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-4610
- collector/the-register
- source/The Register
- alias/CVE-2023-50868
- alias/CVE-2024-30080
- alias/CVE-2024-30078
- alias/CVE-2024-4577
- alias/CVE-2024-28995
- alias/CVE-2024-23110
- agent/remedy
- agent/description
- alias/CVE-2024-32896
- alias/CVE-2024-29745
- alias/CVE-2024-29748
- agent/weakness
- agent/title
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- vendor/google
- canonical/google android
- vendor/arm
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r34p0
- canonical/arm valhall gpu kernel driver
- version/arm valhall gpu kernel driver/r34p0
- canonical/arm mali gpu kernel driver