CVE DATABASE / CVE-2024-4610
CVE-2024-4610
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Confirmed exploited in the wild. Added 2024-06-12.
Federal remediation due 2024-07-03.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Summary
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4610
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-23. Always verify against the vendor advisory before acting.