CVE-2024-1065

Name of the Vulnerable Software and Affected Versions: Arm Ltd Bifrost GPU Kernel Driver versions r45p0 through r48p0 Arm Ltd Valhall GPU Kernel Driver versions r45p0 through r48p0 Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver versions r45p0 through r48p0

Description: The issue is related to a Use After Free vulnerability in the kernel drivers for Arm-based Mali graphics processors, specifically those using Bifrost and Valhall architectures. This vulnerability is caused by synchronization errors when accessing shared resources. Exploitation of this issue may allow an attacker to execute arbitrary code. A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

Recommendations: For Arm Ltd Bifrost GPU Kernel Driver versions r45p0 through r48p0, update to a version outside of this range to resolve the issue. For Arm Ltd Valhall GPU Kernel Driver versions r45p0 through r48p0, update to a version outside of this range to resolve the issue. For Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver versions r45p0 through r48p0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the GPU memory processing operations to minimize the risk of exploitation.