⚠ Actively exploited
Added to CISA KEV on 2024-06-12. Federal agencies required to patch by 2024-07-03. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-4610 — Use After Free in ARM Bifrost GPU Kernel Driver
Severity
7.8 HIGH (NVD)
EPSS
0.8%
top 26.61%
CISA KEV
KEV
Added 2024-06-12
Due 2024-07-03
Exploit
Exploited in wild
Active exploitation observed
Timeline
Published: Jun 7
KEV added: Jun 12
KEV due: Jul 3
Latest update: Dec 3
Description
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 6 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-p5rh-rvqf-4976: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improp… (2024-06-07)
OSV
CVE-2024-26929: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of fcport. The server was crashing after LOGO beca… (2024-05-01)
📋 Vendor Advisories (4)
🕵️ Threat Intelligence (2)
💬 Community (1)
Bugzilla
CVE-2024-4610 hw:arm: Mali GPU Kernel Driver allows improper GPU memory processing operations (2024-06-13)