PT-2024-14597 · Arm · Arm Bifrost Gpu Kernel Driver+1
Published
2024-02-05
·
Updated
2024-07-03
·
CVE-2023-5249
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Arm Ltd Bifrost GPU Kernel Driver versions r35p0 through r40p0
Arm Ltd Valhall GPU Kernel Driver versions r35p0 through r40p0
Description
The issue allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, this can cause a use-after-free.
Recommendations
For Arm Ltd Bifrost GPU Kernel Driver versions r35p0 through r40p0, update to a version outside of this range to resolve the issue.
For Arm Ltd Valhall GPU Kernel Driver versions r35p0 through r40p0, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the GPU Kernel Drivers until a patch is available.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arm Bifrost Gpu Kernel Driver
Arm Valhall Gpu Kernel Driver