How severe is CVE-2024-1067?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-1067?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2024-1067 - HIGH Severity | CVSS 7.4

Vulnerability Description

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r47p0; Valhall GPU Kernel Driver: from r41p0 through r47p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r47p0.

Related Vulnerabilities

CVE-2019-13768

HIGH

CVSS:7.4(High)

Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)

CWE-4162019

CVE-2022-2042

HIGH

CVSS:7.4(High)

Use After Free in GitHub repository vim/vim prior to 8.2.

CWE-4162022

CVE-2022-48666

HIGH

CVSS:7.4(High)

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exit_cmd_priv implementations. Both implementations use resources associated with th...

CWE-4162022

CVE-2023-40107

HIGH

CVSS:7.4(High)

In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User int...

CWE-4162023

CVE-2024-23716

HIGH

CVSS:7.4(High)

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution priv...

CWE-4162024

CVE-2024-27052

HIGH

CVSS:7.4(High)

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a ...

CWE-4162024