Arm has released patches to fix a security flaw in the Mali GPU kernel driver that has come under active exploitation in the wild.
Tracked as CVE-2023-4211, this vulnerability affects the following driver versions –
- Midgard GPU Kernel Driver: All versions from r12p0 – r32p0
- Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0
- Valhall GPU Kernel Driver: All versions from r19p0 – r42p0
- Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0
“A local unprivileged user could perform improper GPU memory processing operations to gain access to already free memory,” Arm said in Monday’s advisory. “There is evidence that this vulnerability may be subject to limited, targeted exploitation.”
The issue, credited to Maddie Stone of Google’s Threat Analysis Group (TAG) and Jann Horn of Google Project Zero, has been addressed in version r43p0 of the Bifrost, Valhall, and Arm 5th Gen GPU architecture kernel drivers.
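The affected ranges above are inclusive and the fix lands in r43p0 for three of the four driver families, so a fleet check reduces to parsing Arm's rNNpM version strings and comparing them against the advisory. The following is an added Python example written for this article, not Arm's or Google's code; the family labels, the sample version strings and the assessment wording are constructed here, and obtaining the driver version from a device is assumed to happen outside this snippet.

```python
import re
from typing import Tuple

# Inclusive version ranges affected by CVE-2023-4211, as listed in Arm's advisory.
# The family keys ("midgard", "bifrost", ...) are labels chosen for this example.
AFFECTED = {
    "midgard": ("r12p0", "r32p0"),
    "bifrost": ("r0p0", "r42p0"),
    "valhall": ("r19p0", "r42p0"),
    "5th-gen": ("r41p0", "r42p0"),
}

# Families for which the advisory names a fixed release. Midgard is deliberately
# absent: the advisory excerpt names no fixed Midgard version.
FIXED = {"bifrost": "r43p0", "valhall": "r43p0", "5th-gen": "r43p0"}

_VERSION_RE = re.compile(r"^r(\d+)p(\d+)$")


def parse_version(version: str) -> Tuple[int, int]:
    """Parse a Mali driver version such as 'r38p1' into a comparable (38, 1) tuple."""
    match = _VERSION_RE.match(version.strip().lower())
    if not match:
        raise ValueError(f"unrecognised Mali driver version: {version!r}")
    return int(match.group(1)), int(match.group(2))


def is_affected(family: str, version: str) -> bool:
    """True if `version` of `family` lies inside the advisory's inclusive range."""
    low, high = AFFECTED[family]
    return parse_version(low) <= parse_version(version) <= parse_version(high)


def assess(family: str, version: str) -> str:
    """Classify one device's driver against CVE-2023-4211 (wording is constructed)."""
    if is_affected(family, version):
        return "vulnerable"
    fixed = FIXED.get(family)
    if fixed is not None and parse_version(version) >= parse_version(fixed):
        return "patched"
    # Outside the listed range but no fixed release is named (e.g. Midgard).
    return "outside listed range"


if __name__ == "__main__":
    # Constructed sample inventory: (family, version) pairs, not real devices.
    for family, version in [("bifrost", "r42p0"), ("valhall", "r43p0"), ("midgard", "r33p0")]:
        print(f"{family:8} {version:6} -> {assess(family, version)}")
```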
Google, in its own monthly Android Security Bulletin for October 2023, said it found indications of targeted exploitation of CVE-2023-4211 and CVE-2023-4863, a severe flaw impacting the WebP image format in the Chrome web browser that was patched last month.
Precise details about the nature of the attacks are still unclear, but there are indications that they may have been weaponized as part of a spyware campaign targeting high-risk individuals.
Two other flaws in the Mali GPU kernel driver that allow improper GPU memory processing operations were also resolved by Arm –
- CVE-2023-33200 – A local privileged user can perform improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, this may give them access to memory that is already free.
- CVE-2023-34970 – A local privileged user could perform improper GPU processing operations or exploit a software race condition to access limited volume outside the buffer boundary. If the system’s memory is carefully prepared by the user, this, in turn, can give them access to already free memory.
This is not the first time that a flaw in the Arm Mali GPU kernel driver has come under active exploitation. Earlier this year, Google TAG revealed that CVE-2023-26083 was exploited along with four other flaws by a spyware vendor to infiltrate Samsung devices.