Arm Releases a Fix for an Exploitable Mali GPU Kernel Driver Vulnerability
Arm has made security updates available to address a vulnerability in the Mali GPU Kernel Driver that has been actively exploited in the wild.
The flaw, identified as CVE-2023-4211, affects the following driver versions:
- Midgard GPU Kernel Driver: All versions from r12p0 – r32p0
- Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0
- Valhall GPU Kernel Driver: All versions from r19p0 – r42p0
- Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0
Arm, Monday Advisory:
“A local non-privileged user has the ability to process GPU memory incorrectly in order to access previously freed memory.” “There is proof that this vulnerability might be targeted, but in small numbers.”
The problem has been fixed in Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Driver r43p0, thanks to Maddie Stone of Google’s Threat Analysis Group (TAG) and Jann Horn of Google Project Zero.
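As an added example (not code from Arm or from this article), this Python check compares a driver version string with the affected ranges listed above and the r43p0 fix. The family labels, the sample inventory and the conservative choice to treat every patch level of the last listed release as affected are assumptions.

```python
import re

# Affected ranges for CVE-2023-4211 as listed in this article: (first, last).
# The family labels used as keys are hypothetical names for this example.
AFFECTED = {
    "midgard": ((12, 0), (32, 0)),
    "bifrost": ((0, 0), (42, 0)),
    "valhall": ((19, 0), (42, 0)),
    "5th-gen": ((41, 0), (42, 0)),
}
# Families for which the article names r43p0 as the fixed release.
FIXED_IN_R43P0 = {"bifrost", "valhall", "5th-gen"}
_VERSION = re.compile(r"^r(\d+)p(\d+)$")


def parse_version(text):
    """Turn 'r38p1' into (38, 1); raise ValueError on anything else."""
    match = _VERSION.match(text.strip().lower())
    if not match:
        raise ValueError(f"not an rXpY driver version: {text!r}")
    return int(match.group(1)), int(match.group(2))


def assess(family, version):
    """Return (affected, advice) for one driver family and version string."""
    fam = family.strip().lower()
    if fam not in AFFECTED:
        raise ValueError(f"unknown driver family: {family!r}")
    first, last = AFFECTED[fam]
    ver = parse_version(version)
    # Assumption: any patch level of the last listed release counts as
    # affected, so the upper bound is "below the next release number".
    if not (first <= ver < (last[0] + 1, 0)):
        return False, "outside the affected range listed in the article"
    if fam in FIXED_IN_R43P0:
        return True, "update to r43p0 or later"
    return True, "no fixed release named in the article; check the vendor advisory"


def affected_devices(inventory):
    """Filter (device, family, version) rows down to the affected ones."""
    return [(dev, assess(fam, ver)[1]) for dev, fam, ver in inventory
            if assess(fam, ver)[0]]


# Constructed sample inventory, not real device data.
SAMPLE = [("phone-a", "Valhall", "r38p1"), ("phone-b", "Bifrost", "r43p0"),
          ("tablet-c", "Midgard", "r32p0")]

if __name__ == "__main__":
    for device, advice in affected_devices(SAMPLE):
        print(f"{device}: affected, {advice}")
```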
In its own monthly Android Security Bulletin for October 2023, Google stated that it discovered signs of targeted exploitation of CVE-2023-4211 and CVE-2023-4863, a critical vulnerability affecting the Chrome web browser’s WebP image format that was patched last month.
Although the exact details of the attacks’ nature are still unknown, there are signs that the flaws may have been weaponized as part of a spyware campaign that targeted high-risk people.
Two other issues with the Mali GPU Kernel Driver that permit inappropriate GPU memory processing operations were also fixed by Arm:
- CVE-2023-33200 – To take advantage of a software race issue, a local non-privileged user can perform inappropriate GPU processing operations. The user may be granted access to previously released memory if they carefully prepare the system’s memory.
- CVE-2023-34970 – To access a small quantity outside of buffer bounds or to take advantage of a software race issue, a local non-privileged user can perform inappropriate GPU processing operations. The user may have access to previously freed memory if the system’s memory is carefully set up by them.
It is not the first time that vulnerabilities in the Arm Mali GPU Kernel Driver have been actively exploited. Google TAG revealed earlier this year that a spyware vendor used CVE-2023-26083 in combination with a string of four other weaknesses to access Samsung smartphones.
About The Author
Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.