cbcvebase.
CVE-2024-1067
published 2024-05-03

CVE-2024-1067: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows…

PriorityP340high7.4CVSS 3.1
AVLACHPRNUINSUCHIHAH
EPSS
0.16%
5.3th percentile
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r47p0; Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.

Affected

7 ranges
VendorProductVersion rangeFixed in
arm5th_gen_gpu_architecture_kernel_driver>= r41p0 < r48p0r48p0
armbifrost_gpu_kernel_driver>= r41p0 < r48p0r48p0
armvalhall_gpu_kernel_driver>= r41p0 < r48p0r48p0
arm_ltdarm_5th_gen_gpu_architecture_kernel_driverr41p0 – r47p0
arm_ltdbifrost_gpu_kernel_driverr41p0 – r47p0
arm_ltdvalhall_gpu_kernel_driverr41p0 – r47p0
googleandroid

CVSS provenance

nvdv3.17.4HIGHCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.