Date of issue: 3rd May 2024
Preface: The Mali-G720 and Mali-G620 GPUs complete the world-class GPU portfolio for a wide range of consumer devices. After four generations of GPUs on the fourth-generation Valhall architecture, the latest Arm GPUs are built on a new fifth-generation GPU architecture (called Gen 5).
Background: The New 5th Gen Arm GPU Architecture
The 5th Gen GPU architecture introduces a key feature called Deferred Vertex Shading (DVS), which revolutionizes data flow within the GPU and expands the number of GPU cores, reaching up to 16 cores for enhanced performance.
The Arm 5th Gen GPU architecture is the most efficient GPU architecture Arm has ever created, designed with CPU and system architecture in mind. It redefines parts of the graphics pipeline to significantly reduce memory bandwidth, thus improving total system efficiency and power.
Technical reference: It solves the bandwidth problem of the traditional model because the fragment shader reads a small block each time and puts it on the chip. It does not need to read the memory frequently until the final operation is completed and then writes it to the memory. You can even further reduce memory reads and writes by compressing tiles. In addition, when some areas of the image are fixed, the function can be called to determine whether the tiles are the same to reduce repeated rendering.
Vulnerability details: A local non-privileged user can make improper GPU memory processing operations. On Armv8.0 cores, there are certain combinations of the Linux Kernel and Mali GPU kernel driver configurations that would allow the GPU operations to affect the userspace memory of other processes.
Ref: Arm did not provide details. Is the senario on attached diagram similar to this CVE?
Resolution: This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r48p0. Users are recommended to upgrade if they are impacted by this issue.
Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-1067