Skip to main content

Exploitation could allow a local attacker to gain access to freed memory

Threat ID:CC-4511
Threat Severity:Medium
Published:12 June 2024 12:17 PM

Summary

Exploitation could allow a local attacker to gain access to freed memory

Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Arm has released an advisory addressing a use-after-free vulnerability in their Bifrost and Valhall graphics processing unit (GPU) kernel drivers for the Mali family of products. Mali GPUs are commonly found in smartphones, tablets, smart televisions, and embedded systems. The vulnerability CVE-2024-4610 has a CVSSv3 score of 5.5, which if successfully exploited by a local attacker could allow sensitive information disclosure through accessing already freed memory.


Exploitation of CVE-2024-4610

Arm has recently been made aware of reports of this vulnerability being exploited in the wild, and has now assigned this vulnerability a CVE number despite releasing a patch in 2022.

Previous vulnerabilities in Arm Mali GPU drivers are known to have been exploited by commercial spyware vendors.

Remediation advice

Affected organisations are encouraged to review the Arm Security Advisory for CVE-2024-4610. Additionally, organisations are strongly encouraged to update their Mali Bifrost and Valhall GPU kernel drivers to version r41p0 or higher. The update will be available through either:

Definitive source of threat updates

CVE Vulnerabilities

StatusPublished
CVE-2024-4610Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

Last edited: 12 June 2024 12:17 pm

Back to top