CVE-2024-4610

Name of the Vulnerable Software and Affected Versions: Arm Mali GPU Kernel Driver versions r34p0 through r40p0 Valhall GPU Kernel Driver versions r34p0 through r40p0

Description: The issue is related to a Use-After-Free vulnerability in the Arm Mali GPU Kernel Driver, which can allow a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. This can potentially enable an attacker to execute arbitrary code. The vulnerability is currently being exploited, putting millions of devices at risk.

Recommendations: For Bifrost GPU Kernel Driver versions r34p0 through r40p0, update to a version outside of this range to resolve the issue. For Valhall GPU Kernel Driver versions r34p0 through r40p0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the GPU memory processing operations until a patch is available.