Arm Mali GPU Kernel Driver Use-After-Free Vulnerability (CVE-2024-4610)
Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
A local attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2024-07-03 under CISA BOD 22-01.
This is a Use After Free (CWE-416) vulnerability in Arm Mali GPU Kernel Driver. Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0. Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2024-06-12 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2024-07-03.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.