CVE-2024-1065 in Bifrost GPU Kernel Driver
Summary
by MITRE • 04/19/2024
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r45p0 through r48p0; Valhall GPU Kernel Driver: from r45p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r45p0 through r48p0.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 04/19/2024
This vulnerability represents a critical use-after-free condition in Arm Ltd's GPU kernel drivers affecting multiple GPU architectures including Bifrost, Valhall, and the 5th Generation GPU architecture. The flaw occurs within the kernel driver components responsible for GPU memory management operations, where improper handling of memory allocation and deallocation sequences creates opportunities for memory corruption. A local non-privileged user can exploit this vulnerability by crafting specific GPU memory processing operations that manipulate freed memory regions, potentially leading to arbitrary code execution or privilege escalation within the kernel space. The affected versions span from release r45p0 through r48p0 across all three GPU driver implementations, indicating a widespread impact across multiple generations of Arm GPU architectures. This vulnerability falls under CWE-416 which specifically addresses use-after-free errors, where a program continues to reference memory after it has been freed, creating potential for memory corruption and exploitation.
The operational impact of this vulnerability extends beyond simple memory corruption as it enables local privilege escalation attacks that can compromise the integrity of the entire GPU subsystem. When a user-space application or process triggers the flawed memory handling sequence, the kernel driver's memory management routines fail to properly validate memory access patterns, allowing the attacker to access freed memory locations that may contain sensitive data or control structures. This creates opportunities for information disclosure, system stability degradation, or more severe exploitation techniques that could lead to full system compromise. The vulnerability's presence in multiple GPU driver implementations suggests that attackers can potentially leverage similar exploitation techniques across different Arm GPU architectures, amplifying the overall risk assessment. According to ATT&CK framework, this vulnerability maps to T1068 (Exploitation for Privilege Escalation) and T1547.001 (Registry Run Keys / Startup Folder) as exploitation could enable persistent access through kernel-level modifications.
Mitigation strategies should focus on immediate driver updates from Arm Ltd to address the specific memory handling flaws in the affected release versions. System administrators should implement kernel memory protection mechanisms such as stack canaries, memory randomization, and kernel address space layout randomization to increase the difficulty of exploitation. Additionally, monitoring for unusual GPU memory access patterns and implementing strict access controls for GPU device nodes can help detect potential exploitation attempts. The vulnerability demonstrates the critical importance of proper memory management in kernel drivers and highlights the need for comprehensive testing of memory allocation/deallocation sequences in GPU subsystems. Organizations should also consider implementing runtime protection measures such as kernel module signing and integrity verification to prevent unauthorized modifications to GPU driver components. The affected drivers represent a significant attack surface for local privilege escalation and should be prioritized for immediate patching in environments where GPU resources are exposed to untrusted users or applications.