CVE-2024-4610: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
First published: Fri Jun 07 2024(Updated: )
Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Credit: arm-security@arm.com arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Bifrost GPU Kernel Driver | >=r34p0<r41p0 | |
| Arm Ltd Valhall GPU Kernel Driver | >=r34p0<r41p0 | |
| Android | ||
| Arm Mali Graphics Processing Unit (GPU) |
Remedy
This issue is fixed in Bifrost and Valhall GPU Kernel Driver r41p0. Users are recommended to upgrade if they are impacted by this issue.
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/arm-warns-of-actively-exploited-flaw-in-mali-gpu-kernel-drivers/
- https://www.theregister.com/2024/06/12/june_patch_tuesday/
- https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/
- https://www.bleepingcomputer.com/news/security/google-patches-exploited-android-zero-day-on-pixel-devices/
- https://source.android.com/docs/security/bulletin/2024-07-01/#asterisk
- https://source.android.com/docs/security/bulletin/2024-07-01 (Advisory)
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;
- https://nvd.nist.gov/vuln/detail/CVE-2024-4610
Frequently Asked Questions
What is the severity of CVE-2024-4610?
CVE-2024-4610 is classified as a medium severity vulnerability due to its potential for local exploitation by non-privileged users.
How do I fix CVE-2024-4610?
To remediate CVE-2024-4610, users should update the Arm Mali and Valhall GPU kernel drivers to the latest patched version.
What type of vulnerability is CVE-2024-4610?
CVE-2024-4610 is a use-after-free vulnerability that can lead to improper GPU memory processing.
Which software is affected by CVE-2024-4610?
CVE-2024-4610 affects the Arm Bifrost and Valhall GPU kernel drivers, particularly those within certain version ranges.
Can CVE-2024-4610 be exploited remotely?
CVE-2024-4610 cannot be exploited remotely as it requires local access by a non-privileged user.
- agent/first-publish-date
- agent/type
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-4610
- collector/the-register
- source/The Register
- alias/CVE-2023-50868
- alias/CVE-2024-30080
- alias/CVE-2024-30078
- alias/CVE-2024-4577
- alias/CVE-2024-28995
- alias/CVE-2024-23110
- agent/remedy
- agent/description
- alias/CVE-2024-32896
- alias/CVE-2024-29745
- alias/CVE-2024-29748
- agent/weakness
- agent/title
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/event
- agent/author
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/android-source
- source/Android
- agent/softwarecombine
- agent/tags
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- vendor/arm
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r34p0
- canonical/arm ltd valhall gpu kernel driver
- version/arm ltd valhall gpu kernel driver/r34p0
- vendor/google
- canonical/android
- canonical/arm mali graphics processing unit (gpu)