CVE-2024-4610

ENISA EUVD: EUVD-2024-44219 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 2 articles Published: 2024-06-07

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.76%

probability

This CVE has a 0.76% probability of being exploited in the next 30 days.

0% Top 73.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.4

HIGH

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.

Affected Products

Arm Ltd

Bifrost GPU Kernel Driver

r34p0

Arm Ltd

Valhall GPU Kernel Driver

r34p0

arm

bifrost gpu kernel driver

arm

valhall gpu kernel driver

Arm Ltd

Valhall GPU Kernel Driver

r34p0 ≤r40p0

Arm Ltd

Bifrost GPU Kernel Driver

r34p0 ≤r40p0

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Patched

June 7, 2024

Reported by

???

Root Cause Analysis

???

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.76%

CVSS v3.1 7.4

Mentions 2

Last Seen Jun 12, 2024

CNA Information

CNA Assigner

Arm

CNA Title

Mali GPU Kernel Driver allows improper GPU memory processing operations

Analyst Note

This CVE is a use-after-free vulnerability in widely-deployed ARM GPU drivers affecting both Bifrost and Valhall architectures, with confirmed exploitation documented by Google Project Zero. The high CVSS score (7.4), local privilege escalation potential, and coverage by reputable security sources (BleepingComputer reporting Google patches) provide strong evidence for the confirmed status.

Threat Actors 6

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Infy

apt_group Information theft and espionage 🇮🇷 IR

APT24

apt_group Information theft and espionage 🇨🇳 CN

UNC1549

apt_group Information theft and espionage 🇮🇷 IR

PassCV

apt_group Information theft and espionage 🇨🇳 CN

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 03, 2026

Published DateJun 07, 2024