Lucene search

ArmCVE-2024-4607

HistoryAug 05, 2024 - 12:15 p.m.

CVE-2024-4607

2024-08-0512:15:34

CWE-416

Arm

web.nvd.nist.gov

arm ltd

bifrost gpu

valhall gpu

kernel driver

memory processing

local user

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0.

Affected configurations

Nvd

Node

arm5th_gen_gpu_architecture_kernel_driverRanger41p0–r50p0

armbifrost_gpu_kernel_driverRanger41p0–r50p0

armvalhall_gpu_kernel_driverRanger41p0–r50p0

VendorProductVersionCPE
arm5th_gen_gpu_architecture_kernel_driver*cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*
armbifrost_gpu_kernel_driver*cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
armvalhall_gpu_kernel_driver*cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arm	5th_gen_gpu_architecture_kernel_driver	*	cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver::::::::
arm	bifrost_gpu_kernel_driver	*	cpe:2.3:a:arm:bifrost_gpu_kernel_driver::::::::
arm	valhall_gpu_kernel_driver	*	cpe:2.3:a:arm:valhall_gpu_kernel_driver::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bifrost GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r50p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r49p0",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Valhall GPU Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r50p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r49p0",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Arm 5th Gen GPU Architecture Kernel Driver",
    "vendor": "Arm Ltd",
    "versions": [
      {
        "changes": [
          {
            "at": "r50p0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "r49p0",
        "status": "affected",
        "version": "r41p0",
        "versionType": "patch"
      }
    ]
  }
]

References

developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2024-4607