Bug 1223185 (CVE-2024-1065)

Summary: VUL-0: CVE-2024-1065: kernel:Use After Free vulnerability in Midgard, Bifrost, Valhall GPU Kernel Drivers
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Oscar Salvador <osalvador>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: osalvador, thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/402721/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-04-22 07:50:08 UTC 
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver  vulnerability in Arm Ltd Bifrost GPU Kernel Dallows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r45p0 through r48p0; Valhall GPU Kernel Driver: from r45p0 through r48p0; Arm 5th Gen GPU Architecture Kernel Driver: from r45p0 through r48p0.

References:
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1065
https://www.cve.org/CVERecord?id=CVE-2024-1065
Comment 1 Thomas Leroy 2024-04-22 07:50:23 UTC 
As far as I remember, we don't ship those ARM drivers. Leaving open for confirmation from kernel folks
Comment 3 Ivan Ivanov 2024-05-09 12:03:40 UTC 
No idea about these drivers. Moving to HW enablement team.
Comment 4 Patrik Jakobsson 2024-05-10 06:45:40 UTC 
This is not something we've enabled in the HW Enablement team so if the ARM team knows nothing about it I would say we don't support it.
Comment 5 Thomas Leroy 2024-05-23 08:44:47 UTC 
Thanks everyone. Closing