Lucene search

ArmCVE-2024-2937

HistoryAug 05, 2024 - 12:15 p.m.

CVE-2024-2937

2024-08-0512:15:34

CWE-416

Arm

web.nvd.nist.gov

arm gpu drivers

use after free

local user access

freed memory

cve-2024-2937

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.

Affected configurations

Nvd

Node

arm5th_gen_gpu_architecture_kernel_driverRanger41p0–r50p0

armbifrost_gpu_kernel_driverRanger41p0–r50p0

armvalhall_gpu_kernel_driverRanger41p0–r50p0

VendorProductVersionCPE
arm5th_gen_gpu_architecture_kernel_driver*cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*
armbifrost_gpu_kernel_driver*cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
armvalhall_gpu_kernel_driver*cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arm	5th_gen_gpu_architecture_kernel_driver	*	cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver::::::::
arm	bifrost_gpu_kernel_driver	*	cpe:2.3:a:arm:bifrost_gpu_kernel_driver::::::::
arm	valhall_gpu_kernel_driver	*	cpe:2.3:a:arm:valhall_gpu_kernel_driver::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bifrost GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r50p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r49p0",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Valhall GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r50p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r49p0",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Arm 5th Gen GPU Architecture Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r50p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r49p0",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  }
]

References

developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2024-2937