Arm has released security patches for a vulnerability in the Mali GPU Kernel Driver that is being actively exploited. Tracked as CVE-2023-4211, the flaw affects several versions of the Midgard, Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Drivers. It allows a local non-privileged user to perform improper GPU memory processing operations and gain access to already freed memory. Arm has stated that there is evidence of limited, targeted exploitation of this vulnerability.

The credit for discovering this vulnerability goes to Maddie Stone of Google’s Threat Analysis Group (TAG) and Jann Horn of Google Project Zero. Arm has addressed this issue in the Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Driver version r43p0.

In addition to this vulnerability, Google has also found indications of targeted exploitation of another severe flaw, CVE-2023-4863, which impacts the WebP image format in the Chrome web browser. That flaw was patched the previous month.

The specific details of the attacks are still unclear, but it is suspected that the flaws may have been used as part of a spyware campaign targeting high-risk individuals.

Arm has also resolved two other flaws in the Mali GPU Kernel Driver, tracked as CVE-2023-33200 and CVE-2023-34970. Both allow a local non-privileged user to perform improper GPU memory processing operations in order to exploit a software race condition. If the system’s memory is carefully prepared by the user, this in turn can give access to already freed memory.

It’s worth noting that this is not the first time vulnerabilities in the Arm Mali GPU Kernel Driver have been actively exploited. Earlier this year, Google TAG reported that CVE-2023-26083 was abused in combination with four other flaws by a spyware vendor to target Samsung devices.
