Cyber AttackVulnerability

Arm issues patch for Mali GPU kernel driver vulnerability amidst ongoing exploit

Arm has released security patches to fix a security flaw in the Mali GPU kernel .....

by Vikash Kumawat
by Vikash Kumawat 0 comment 64 views

Arm has released security patches to fix a security flaw in the Mali GPU kernel driver that has come under active exploitation in the wild.

Tracked as CVE-2023-4211, this vulnerability affects the following driver versions –

  • Midgard GPU Kernel Driver: All versions from r12p0 – r32p0
  • Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0
  • Valhall GPU Kernel Driver: All versions from r19p0 – r42p0
  • Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0

“A local unprivileged user could perform improper GPU memory processing operations to gain access to already free memory,” Arm said in Monday’s advisory. “There is evidence that this vulnerability may be subject to limited, targeted exploitation.”

The issue, credited to Maddie Stone of Google’s Threat Analysis Group (TAG) and Jann Horn of Google Project Zero, has been addressed in the Bifrost, Valhall, and Arm 5th Gen GPU architecture kernel driver r43p0.

Google, in its own monthly Android Security Bulletin for October 2023, said it found indications of targeted exploitation of CVE-2023-4211 and CVE-2023-4863, a severe flaw impacting the WebP image format in the Chrome web browser that was patched last month.

Precise details about the nature of the attacks are still unclear, but there are indications that they may have been weaponized as part of a spyware campaign targeting high-risk individuals.

Two other flaws in the Mali GPU kernel driver that allow improper GPU memory processing operations were also resolved by Arm –

  • CVE-2023-33200 – A local privileged user can perform improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, this may give them access to memory that is already free.
  • CVE-2023-34970 – A local privileged user could perform improper GPU processing operations or exploit a software race condition to access limited volume outside the buffer boundary. If the system’s memory is carefully prepared by the user, this, in turn, can give them access to already free memory.

This is not the first time that the Arm Mali GPU kernel driver flaw has come under active exploitation. Earlier this year, Google TAG revealed that CVE-2023-26083 was exploited along with four other flaws by a spyware vendor to infiltrate Samsung devices.

You may also like

Security expert turns out to be a scammer,...

Chinese hackers exploited FortiGate Flaw to break the...

Hackers are taking advantage of Ivanti VPN flaws...

US cyber security agency warns that Ivanti EPMM...

PAX PoS terminal flaw could allow attackers to...

GitHub turns over keys after high-severity vulnerability exposed...

Zero-day alert: Update Chrome now to fix new...

Balada infects over 7,100 WordPress sites using Injector...

DDoS attacks on the environmental services industry increased...

Nation-State Actors Weaponized Ivanti VPN Zero-Days, Deployed 5...

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

@2022 - All Right Reserved. Designed and Developed by HacksByte

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00