CVE-2024-1067
published 2024-05-03CVE-2024-1067: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows…
PriorityP340high7.4CVSS 3.1
AVLACHPRNUINSUCHIHAH
EPSS
0.16%
5.3th percentile
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes.
This issue affects Bifrost GPU Kernel Driver: from r41p0 through r47p0; Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | 5th_gen_gpu_architecture_kernel_driver | >= r41p0 < r48p0 | r48p0 |
| arm | bifrost_gpu_kernel_driver | >= r41p0 < r48p0 | r48p0 |
| arm | valhall_gpu_kernel_driver | >= r41p0 < r48p0 | r48p0 |
| arm_ltd | arm_5th_gen_gpu_architecture_kernel_driver | r41p0 – r47p0 | — |
| arm_ltd | bifrost_gpu_kernel_driver | r41p0 – r47p0 | — |
| arm_ltd | valhall_gpu_kernel_driver | r41p0 – r47p0 | — |
| android | — | — |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qj33-w9rx-fhcw: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driv
ghsa_unreviewed·2024-05-03
CVE-2024-1067 [HIGH] CWE-416 GHSA-qj33-w9rx-fhcw: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driv
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes.
This issue affects Bifrost GPU Kernel Driver: from r41p0 through r47p0; Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.
Android
CVE-2024-1067: Mali
vendor_android·2024-05-01·CVSS 7.4
CVE-2024-1067 [HIGH] CVE-2024-1067: Mali
Android Security Bulletin 2024-05-01
CVE: CVE-2024-1067
Severity: HIGH
Component: Mali
References: A-329506905
*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-03
Published