Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Oct 03, 2023 | THN | Cyber Attack / Vulnerability

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild.

Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions:

  • Midgard GPU Kernel Driver: All versions from r12p0 – r32p0
  • Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0
  • Valhall GPU Kernel Driver: All versions from r19p0 – r42p0
  • Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0

“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Arm said in a Monday advisory. “There is evidence that this vulnerability may be under limited, targeted exploitation.”

The issue, credited to Maddie Stone of Google’s Threat Analysis Group (TAG) and Jann Horn of Google Project Zero, has been addressed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r43p0.
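For triaging a device inventory against the ranges above, the following is an added example (not code from Arm or from this article). It classifies a driver version for CVE-2023-4211 only. The family labels, the optional build suffix after `rNpM`, and the sample inventory are assumptions constructed for illustration.

```python
import re

# Inclusive (release, patch) ranges the article lists for CVE-2023-4211.
AFFECTED = {
    "midgard": ((12, 0), (32, 0)),
    "bifrost": ((0, 0), (42, 0)),
    "valhall": ((19, 0), (42, 0)),
    "5thgen": ((41, 0), (42, 0)),
}
# The article names r43p0 as the fix for these families only (not Midgard).
FIXED_IN = {"bifrost": (43, 0), "valhall": (43, 0), "5thgen": (43, 0)}

# "r<release>p<patch>"; an optional "-suffix" (assumed build tag) is ignored.
_VERSION = re.compile(r"^r(\d+)p(\d+)(?:-[\w.]+)?$")


def parse_version(text):
    """Turn 'r38p1' into (38, 1); raise ValueError on anything else."""
    match = _VERSION.match(text.strip().lower())
    if match is None:
        raise ValueError(f"not a Mali driver version: {text!r}")
    return int(match.group(1)), int(match.group(2))


def classify(family, version_text):
    """Return 'affected', 'fixed', 'unlisted', 'unknown-family' or 'unparseable'."""
    family = family.strip().lower()
    if family not in AFFECTED:
        return "unknown-family"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    low, high = AFFECTED[family]
    if low <= version <= high:
        return "affected"
    if family in FIXED_IN and version >= FIXED_IN[family]:
        return "fixed"
    return "unlisted"  # outside the listed range, no named fix: review manually


# Constructed sample inventory: (device label, GPU family, driver version).
INVENTORY = [
    ("phone-a", "Valhall", "r38p1"),
    ("phone-b", "Bifrost", "r43p0"),
    ("tablet-c", "Midgard", "r32p1"),
    ("kiosk-d", "Valhall", "r18p0"),
    ("board-e", "5thGen", "v42"),
]


def audit(inventory):
    """Classify every inventory row; returns [(device label, status), ...]."""
    return [(name, classify(family, ver)) for name, family, ver in inventory]
```

An `unlisted` result means the version falls outside the range given for CVE-2023-4211 without being a release the article names as fixed, so it should be checked against the vendor advisory rather than treated as safe.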

Google, in its own monthly Android Security Bulletin for October 2023, said it found indications of targeted exploitation of CVE-2023-4211 and CVE-2023-4863, a severe flaw impacting the WebP image format in the Chrome web browser that was patched last month.

Exact specifics surrounding the nature of the attacks are still unclear, but indications are that they may have been weaponized as part of a spyware campaign targeting high-risk individuals.

Also resolved by Arm are two other flaws in the Mali GPU Kernel Driver that allow for improper GPU memory processing operations:

  • CVE-2023-33200 – A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
  • CVE-2023-34970 – A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this, in turn, could give them access to already freed memory.

This is not the first time flaws in Arm Mali GPU Kernel Driver have come under active exploitation. Earlier this year, Google TAG disclosed that CVE-2023-26083 was abused in conjunction with a series of four other flaws by a spyware vendor to penetrate Samsung devices.