CVE-2024-0153 — Improper Restriction of Operations within the Bounds of a Memory Buffer in ARM 5TH GEN GPU Architecture Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 67.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM 5TH GEN GPU Architecture Firmware ARM Valhall GPU Firmware ARM LTD ARM 5TH GEN GPU Architecture Firmware +2 more

Timeline

PublishedJul 1

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Fir…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDarm/valhall_gpu_firmwarer29p0 — r47p0

▶NVDarm/5th_gen_gpu_architecture_firmwarer41p0 — r47p0

▶CVEListV5arm_ltd/valhall_gpu_firmwarer29p0 — r46p0

▶CVEListV5arm_ltd/arm_5th_gen_gpu_architecture_firmwarer41p0 — r46p0

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-2983-rc95-vrc7: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Archite↗2024-07-01

▶

📋Vendor Advisories

Android

CVE-2024-0153: Mali↗2024-07-01

▶