CVE-2024-4610 – A Use After Free vulnerability in Arm's Bifrost... (How to Fix)

Q: What is the severity of CVE-2024-4610?

CVE-2024-4610 has a CVSS score of 7.8 (HIGH). A Use After Free vulnerability in Arm's Bifrost and Valhall GPU kernel drivers allows local non-privileged users to access freed memory through improper GPU memory operations. This could lead to privilege escalation, denial of service, or information disclosure. Affected users include those with devices using Arm Mali GPUs with driver versions r34p0 through r40p0.

📋 TL;DR

A Use After Free vulnerability in Arm's Bifrost and Valhall GPU kernel drivers allows local non-privileged users to access freed memory through improper GPU memory operations. This could lead to privilege escalation, denial of service, or information disclosure. Affected users include those with devices using Arm Mali GPUs with driver versions r34p0 through r40p0.

💻 Affected Systems

Products:

Arm Ltd Bifrost GPU Kernel Driver
Arm Ltd Valhall GPU Kernel Driver

Versions: r34p0 through r40p0

Operating Systems: Android, Linux systems with Arm Mali GPUs

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using Arm Mali GPUs with vulnerable driver versions. Commonly found in mobile devices, embedded systems, and some ARM-based servers.

📦 What is this software?

Bifrost Gpu Kernel Driver by Arm

View all CVEs affecting Bifrost Gpu Kernel Driver →

Valhall Gpu Kernel Driver by Arm

View all CVEs affecting Valhall Gpu Kernel Driver →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level access, enabling complete system compromise, data theft, or persistent malware installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated privileges, potentially leading to data access, system manipulation, or further exploitation.

🟢

If Mitigated

Limited impact if proper access controls restrict local user accounts and privilege escalation mechanisms are monitored.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access to exploit.

🏢 Internal Only: HIGH - Local users (including compromised accounts) can exploit this to escalate privileges within the system.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of GPU memory operations. Listed in CISA's Known Exploited Vulnerabilities catalog suggesting potential active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after r40p0

Vendor Advisory: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Restart Required: Yes

Instructions:

1. Check current GPU driver version. 2. Obtain updated driver from device manufacturer or Arm. 3. Apply driver update following manufacturer instructions. 4. Reboot system to load new driver.

🔧 Temporary Workarounds

Restrict local user access

all

Limit local user accounts and implement strict access controls to reduce attack surface.

Disable unnecessary GPU features

linux

If possible, disable GPU acceleration for non-critical applications to reduce exposure.

🧯 If You Can't Patch

Implement strict local user access controls and monitor for privilege escalation attempts.
Isolate affected systems from critical networks and implement application allowlisting.

🔍 How to Verify

Check if Vulnerable:

Check GPU driver version via device system information or manufacturer tools. Vulnerable if version is between r34p0 and r40p0 inclusive.

Check Version:

Device/system specific - typically via 'cat /proc/gpuinfo' or manufacturer diagnostic tools on Linux/Android systems.

Verify Fix Applied:

Confirm GPU driver version is r41p0 or later after update.

📡 Detection & Monitoring

Log Indicators:

Unusual GPU driver crashes
Kernel panic logs related to GPU
Failed privilege escalation attempts

Network Indicators:

None - local vulnerability only

SIEM Query:

Search for kernel logs containing 'GPU', 'Mali', 'Bifrost', 'Valhall' with error or crash indicators.

📊 Metadata

CVE ID: CVE-2024-4610

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: June 7, 2024

Last Updated: October 23, 2025

🔗 References

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities Vendor Advisory
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4610 US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4610, you might also want to check these: