Security News > 2024 > June > Arm warns of actively exploited flaw in Mali GPU kernel drivers

Arm warns of actively exploited flaw in Mali GPU kernel drivers
2024-06-10 22:53

Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild.

The security issue is tracked as CVE-2024-4610 and is a use-after-free vulnerability that impacts all versions of Bifrost and Valhall drivers from r34p0 through r40p0.

"A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory," Arm explains.

The chip maker fixed the vulnerability in version r41p0 of Bifrost and Valhall GPU Kernel Driver, which was released in on November 24, 2022.

Valhall GPUs are present in high-end smartphones/tables with chips such as the Mali G57 and G77, automotive infotainment systems, and high-performance smart TVs. It is important to note that some of the impacted devices may no longer be supported with security updates.

CISA warns of actively exploited Linux privilege elevation flaw.


News URL

https://www.bleepingcomputer.com/news/security/arm-warns-of-actively-exploited-flaw-in-mali-gpu-kernel-drivers/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-06-07 CVE-2024-4610 Use After Free vulnerability in ARM products
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
local
low complexity
arm CWE-416
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
ARM 78 6 43 61 18 128
Kernel 3 0 8 4 1 13