CVE-2024-6790: Mali GPU Kernel Driver can cause the whole system to become unresponsive
First published: Mon Feb 03 2025(Updated: )
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL or WebGPU, to cause the whole system to become unresponsive.This issue affects Bifrost GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Valhall GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Arm 5th Gen GPU Architecture Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0.
Credit: arm-security@arm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Bifrost GPU Kernel Driver | =r44p1>=undefined>=undefined | |
| Arm Ltd Valhall GPU Kernel Driver | =r44p1>=undefined>=undefined | |
| Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver | =r44p1>=undefined>=undefined |
Remedy
This issue is fixed in the Bifrost GPU Kernel Driver r49p1, in the Valhall and Arm 5th Gen GPU Architecture Kernel Driver r49p1 and r52p0. Users are recommended to upgrade if they are impacted by this issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-6790?
CVE-2024-6790 is classified as a significant vulnerability that can lead to an infinite loop condition in affected GPU drivers.
How do I fix CVE-2024-6790?
To fix CVE-2024-6790, update the affected Arm GPU drivers to the latest version provided by Arm Ltd.
Who is affected by CVE-2024-6790?
CVE-2024-6790 affects users of the Arm Ltd Bifrost, Valhall, and Arm 5th Gen GPU Kernel Drivers running version r44p1 or earlier.
What impact does CVE-2024-6790 have on users?
CVE-2024-6790 allows non-privileged user processes to perform operations that could lead to stability issues due to an infinite loop in the GPU driver.
Is CVE-2024-6790 publicly known?
CVE-2024-6790 is publicly known and documented, raising awareness for users to take preventive actions.
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/arm ltd
- canonical/arm bifrost gpu kernel driver
- canonical/arm ltd valhall gpu kernel driver
- canonical/arm ltd arm 5th gen gpu architecture kernel driver