ARM has issued a warning about active exploitations of a security vulnerability in its Mali GPU lineup. The flaw exists in Kernel device drivers for the GPUs and allows a local non-privileged user to make “improper GPU memory processing operations to gain access to already freed memory.” The attacker can leverage this access to load and execute malicious code to exploit other vulnerabilities on the device. They can also install malicious payloads for spying on the user.
ARM has detected active exploitations of this Mali GPU vulnerability
Tracked as CVE-2023-4211, this vulnerability was discovered by Maddie Stone of Google’s Threat Analysis Group and Jann Horn of Google Project Zero. It affects ARM’s Midgard GPU Kernel Driver (version r12p0 – r32p0), Bifrost GPU Kernel Driver (version r0p0 – r42p0), Valhall GPU Kernel Driver (version r19p0 – r42p0), and the 5th Gen GPU Architecture Kernel Driver (version r41p0 – r42p0).
The company says it has already released patches for the issue on the latter three drivers with version r43p0. It has urged vendors to contact its support team for patch details for the Midgard GPUs. However, ARM also noted that it has found evidence of “limited, targeted exploitation” of this vulnerability. Users with a device featuring the affected Mali GPUs should update their devices as soon as possible to stay safe from potential security risks.
As noted by ArsTechnica, Google has already pushed the patch for CVE-2023-4211 to Pixel devices with the September security update. The Android maker has also released the patch for affected Chromebooks. However, Google phones aren’t the only ones affected by this vulnerability. Samsung‘s Galaxy S20 and Galaxy S21 series, Motorola Edge 40, OnePlus Nord 2, and phones from Asus, Redmi, Honor, RealMe, Xiaomi, and Oppo are at risk too.
Some MediaTek chips and Linux devices also make use of the affected Mali GPUs. Many of these devices don’t seem to have received the patch yet. Hopefully, the OEMs will give importance to their users’ safety and roll out the patch soon. If you haven’t received a new security update recently, be vigilant and avoid installing apps from unknown sources. “The device driver on patched devices will show as version r44p1 or r45p0,” the report states.
ARM has reported two more Kernel Driver vulnerabilities
ARM’s latest security advisory mentions two more vulnerabilities in Mali GPU Kernel Drivers allowing “improper GPU memory processing operations.” Tracked as CVE-2023-33200 and CVE-2023-34970, the company has already released patches for both security flaws on all affected platforms. There’s no evidence of any exploration of these vulnerabilities yet. However, users should still update their devices to avoid potential exploits in the future.