Arm Announces Vulnerability in Bifrost and Valhall GPU Drivers

TapTechNews June 11, Arm company yesterday released a security bulletin, reminding that there are vulnerabilities in Bifrost and Valhall GPU kernel drivers, and there is relevant evidence showing that hackers have already used this vulnerability to launch an attack.

The vulnerability tracking number is CVE-2024-4610, which is a use-after-free (UAF) vulnerability that affects all Bifrost and Valhall driver versions from r34p0 to r40p0.

TapTechNews briefly explains the UAF vulnerability. After the application releases the pointer of the memory location, hackers can continue to use this pointer, which usually leads to information leakage and execution of arbitrary codes.

Arm stated in the announcement: Local unprivileged users can carry out improper GPU memory processing operations to obtain access rights to the released memory.

Arm has released version r41p0 of the Bifrost and Valhall GPU kernel driver on November 24, 2022, fixing this vulnerability. Currently, the latest version of the driver is r49p0.

As for why Arm only released this security bulletin recently, it may be that recently attackers have used this vulnerability to launch attacks on previous versions, but the company inadvertently fixed this vulnerability in 2022.

The Mali GPU based on Bifrost is used in smartphones/tablets (G31, G51, G52, G71 and G76), single-board computers, Chromebooks, and various embedded systems.

The high-end smartphones/tablets with chips such as Mali G57 and G77, as well as automotive infotainment systems and high-performance smart TVs all have the presence of Valhall GPU.

It should be noted that some affected devices may no longer support security updates.