CVE-2024-4610
published 2024-06-07CVE-2024-4610: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU…
PriorityP181high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-07-03
Exploited in the wild
EPSS
0.76%
50.6th percentile
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | >= r34p0 < r41p0 | r41p0 |
| arm | valhall_gpu_kernel_driver | >= r34p0 < r41p0 | r41p0 |
| arm_ltd | bifrost_gpu_kernel_driver | r34p0 – r40p0 | — |
| arm_ltd | valhall_gpu_kernel_driver | r34p0 – r40p0 | — |
| android | — | — | |
| linux | linux_kernel | >= 0 < 6.1.85-1 | 6.1.85-1 |
| linux | linux_kernel | >= 0 < 6.7.12-1 | 6.7.12-1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is a Use-After-Free in Arm Bifrost and Valhall GPU Kernel Drivers; exploitable by a local non-privileged user via improper GPU memory processing operations to access already freed memory. ↗
- →CVE-2024-4610 is listed in CISA KEV (Known Exploited Vulnerabilities), indicating active in-the-wild exploitation; prioritize patching on Android/Mali GPU devices. ↗
- →Affected component is the Mali GPU Kernel Driver (Android); Android Security Bulletin July 2024 tracks this under component 'Mali' with reference A-260126994. ↗
- ·Affected driver versions are Bifrost GPU Kernel Driver r34p0 through r40p0 and Valhall GPU Kernel Driver r34p0 through r40p0; versions outside this range are not affected. ↗
- ·Red Hat Enterprise Linux kernel packages (versions 6–10, including kernel-rt) are confirmed not affected, as the Mali GPU driver is not present in mainline RHEL kernels. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: x86/bugs: Use code segment selector for VERW operand
vendor_redhat·2024-10-29·CVSS 5.5
CVE-2024-50072 [MEDIUM] CWE-20 kernel: x86/bugs: Use code segment selector for VERW operand
kernel: x86/bugs: Use code segment selector for VERW operand
In the Linux kernel, the following vulnerability has been resolved:
x86/bugs: Use code segment selector for VERW operand
Robert Gill reported below #GP in 32-bit mode when dosemu software was
executing vm86() system call:
general protection fault: 0000 [#1] PREEMPT SMP
CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1
Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010
EIP: restore_all_switch_stack+0xbe/0xcf
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc
DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046
CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0
Call Trace:
show_regs+0x70/0x78
die_addr+0x29/0x70
exc_genera
Android
CVE-2024-4610: Mali
vendor_android·2024-07-01·CVSS 7.8
CVE-2024-4610 [HIGH] CVE-2024-4610: Mali
Android Security Bulletin 2024-07-01
CVE: CVE-2024-4610
Severity: HIGH
Component: Mali
References: A-260126994 *
CISA
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
cisa·2024-06-12·CVSS 7.8
CVE-2024-4610 [HIGH] CWE-416 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Vulnerability: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Affected: Arm Mali GPU Kernel Driver
Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2024-4610
Remediation Due Date: 2024-07-03
Red Hat
hw:arm: Mali GPU Kernel Driver allows improper GPU memory processing operations
vendor_redhat·2024-06-07·CVSS 7.8
CVE-2024-4610 [HIGH] CWE-416 hw:arm: Mali GPU Kernel Driver allows improper GPU memory processing operations
hw:arm: Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
A use-after-free vulnerability was found in the Arm Ltd Bifrost GPU kernel driver. The Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This issue affects the Bifrost GPU Kernel Driver from r34p0 through r40p0 and the Valhall GPU Kernel Driver from r34p0 thr
GHSA
GHSA-p5rh-rvqf-4976: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improp
ghsa_unreviewed·2024-06-07
CVE-2024-4610 [MEDIUM] CWE-416 GHSA-p5rh-rvqf-4976: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improp
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
OSV
CVE-2024-26929: In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix double free of fcport
The server was crashing after LOGO beca
osv·2024-05-01
CVE-2024-26929 CVE-2024-26929: In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix double free of fcport
The server was crashing after LOGO beca
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix double free of fcport
The server was crashing after LOGO because fcport was getting freed twice.
-----------[ cut here ]-----------
kernel BUG at mm/slub.c:371!
invalid opcode: 0000 1 SMP PTI
CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
RIP: 0010:set_freepointer.part.57+0x0/0x10
RSP: 0018:ffffb07107027d90 EFLAGS: 00010246
RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400
RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500
RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009
R10: 0000000000000000 R11: 0000000000132af0 R12: ff
VulnCheck
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
vulncheck·2024·CVSS 7.8
CVE-2024-4610 [HIGH] CWE-416 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.
Affected: Arm Mali GPU Kernel Driver
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/uploads/2024/08/19/2274f632f6a1d8acd2f1801c24887edb.p
No detection rules found.
No public exploits indexed.
Mandiant
Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Intellexa’s Prolific Zero-Day Exploits Continue
Threat Intelligence
# Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
December 3, 2025
##### Google Threat Intelligence Group
##### Google Threat Intelligence
Visibility and context on the threats that matter most.
Contact Us & Get a Demo
### Introduction
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving.
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside
Mandiant
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Google Threat Intelligence Group
## Google Threat Intelligence
Visibility and context on the threats that matter most.
## Introduction
Despite extensive scrutiny and public reporting , commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government . New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving .
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside research published by our colleagues from Recorded Future and Amne
Bugzilla
CVE-2024-4610 hw:arm: Mali GPU Kernel Driver allows improper GPU memory processing operations
bugzilla·2024-06-13·CVSS 7.8
CVE-2024-4610 [HIGH] CVE-2024-4610 hw:arm: Mali GPU Kernel Driver allows improper GPU memory processing operations
CVE-2024-4610 hw:arm: Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
2024-06-07
Published
2024-06-12
Added to CISA KEV
Exploited in the wild