CVE-2024-1065

Published Apr 19, 2024

Last updated a year ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-1065 is identified as a Use After Free vulnerability present in specific Arm Ltd GPU Kernel Drivers. This flaw allows a local, non-privileged user to perform improper GPU memory processing operations. Through these operations, an attacker can gain access to memory that has already been freed. The vulnerability impacts Bifrost GPU Kernel Driver versions from r45p0 through r48p0, Valhall GPU Kernel Driver versions from r45p0 through r48p0, and Arm 5th Gen GPU Architecture Kernel Driver versions from r45p0 through r48p0.

Description: Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r45p0 through r48p0; Valhall GPU Kernel Driver: from r45p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r45p0 through r48p0.
Source: arm-security@arm.com
NVD status: Analyzed
Products: 5th_gen_gpu_architecture_kernel_driver, bifrost_gpu_kernel_driver, valhall_gpu_kernel_driver

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.9
Impact score: 3.4
Exploitability score: 2.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

arm-security@arm.com: CWE-416
nvd@nist.gov: CWE-416

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 7

🐛New post: Exploiting CVE-2024-1065 via the Page Cache! A strategy for physical-page UAFs in MIGRATE_MOVABLE, where Dirty Pagetable and Dirty Cred don't apply. Demonstrated on the Mali GPU UAF found by Project Zero. https://t.co/2QmH3TFFtt #ExploitDevelopment #KernelSecurit
@kuzeyardabulut
11 Jun 2026
3564 Impressions
21 Retweets
73 Likes
40 Bookmarks
2 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9F7576FE-3ABA-48C1-8D8C-7278F1B6BEE7",
            "versionEndExcluding": "r49p0",
            "versionStartIncluding": "r45p0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CB4A0EB6-F1CC-4093-B177-CB98F2190B9F",
            "versionEndExcluding": "r49p0",
            "versionStartIncluding": "r45p0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2700488E-4AED-4276-954E-61AC5364A146",
            "versionEndExcluding": "r49p0",
            "versionStartIncluding": "r45p0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.