CVE-2024-1395Use After Free in ARM 5TH GEN GPU Architecture Kernel Driver

CWE-416Use After FreeCWE-1395Dependency on Vulnerable Third-Party ComponentCWE-79Cross-site ScriptingCWE-392Missing Report of Error ConditionCWE-25Path Traversal: '/../filedir'CWE-94Code Injection13 documents5 sources
Severity
6.7MEDIUMNVD
GHSA9.8GHSA7.8GHSA6.1GHSA5.9
EPSS
0.1%
top 78.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
Github.com Traefik Traefik V2Github.com Traefik Traefik V3ARM 5TH GEN GPU Architecture Kernel Driver+19 more
Timeline
PublishedMay 3
Latest updateMar 14

Description

Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This issue affects Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.4 | Impact: 5.2

Affected Packages22 packages

PyPIindico/indico< 3.3.4
Packagistpimcore/pimcore11.2.011.2.3+1
PyPIwoodruffw/pyrage1.2.01.2.3

🔴Vulnerability Details

8
GHSA
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs2025-03-14
GHSA
Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-561712025-02-19
GHSA
Vulnerable OpenSSL included in cryptography wheels2025-02-11
GHSA
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution2024-12-19
GHSA
Indico has a Cross-Site-Scripting during account creation2024-09-04

📋Vendor Advisories

3
Microsoft
OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread2024-11-12
Android
CVE-2024-1395: Mali2024-05-01
Microsoft
Azure SDK Spoofing Vulnerability2024-03-12