CVE-2024-0153

Mali GPU Firmware allows improper GPU processing operations

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware allows a local non-privileged user to make improper GPU processing operations to access a limited amount outside of buffer bounds. If the operations are carefully prepared, then this in turn could give them access to all system memory. This issue affects Valhall GPU Firmware: from r29p0 through r46p0; Arm 5th Gen GPU Architecture Firmware: from r41p0 through r46p0.

Remediation

Solution:

This issue is fixed in Valhall and Arm 5th Gen GPU Architecture Firmware r47p0. Users are recommended to upgrade if they are impacted by this issue.

References

Link	Tags
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-0153?: CVE-2024-0153 has been scored as a high severity vulnerability.
How to fix CVE-2024-0153?: To fix CVE-2024-0153: This issue is fixed in Valhall and Arm 5th Gen GPU Architecture Firmware r47p0. Users are recommended to upgrade if they are impacted by this issue.
Is CVE-2024-0153 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-0153 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-0153?: CVE-2024-0153 affects Arm Ltd Valhall GPU Firmware, Arm Ltd Arm 5th Gen GPU Architecture Firmware.

Description

Remediation

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions