
ARM issues warning about exploitations of Mali GPU security vulnerability

Editor: Hari G
Published 10/03/2023, 05:01 AM
© Reuters.

Tech giant ARM has issued a warning about active exploitation of a security flaw in its Mali GPU lineup, as reported on Tuesday. The vulnerability, tracked as CVE-2023-4211, was discovered by Maddie Stone of Google (NASDAQ:GOOGL)'s Threat Analysis Group and Jann Horn of Google Project Zero. It affects ARM's Midgard, Bifrost, Valhall, and 5th Gen GPU Architecture Kernel Drivers.

The flaw exists within the kernel device drivers for the GPUs and allows local non-privileged users to make "improper GPU memory processing operations" to access previously freed memory. This access can be leveraged by an attacker to load and execute malicious code, exploit other vulnerabilities on the device, or install malicious payloads for user surveillance.

ARM has detected active exploitation of the vulnerability and has already released patches for the latter three drivers with version r43p0. The company urged vendors to contact its support team for patch details for the Midgard GPUs. Despite these measures, ARM found evidence of "limited, targeted exploitation" of this vulnerability. Users with a device featuring the affected Mali GPUs are advised to update their devices promptly to mitigate potential security risks.

Google has proactively pushed the patch for CVE-2023-4211 to Pixel devices with the September security update and has also released it for affected Chromebooks. However, devices beyond Google phones are impacted by this vulnerability. Samsung (KS:005930)'s Galaxy S20 and Galaxy S21 series, Motorola (NYSE:MSI) Edge 40, OnePlus Nord 2, and phones from Asus, Redmi, Honor, RealMe, Xiaomi (OTC:XIACF), and Oppo are also at risk.

Certain MediaTek chips and Linux devices that use the affected Mali GPUs haven't received the patch yet. Users who haven't received a new security update recently are advised to be vigilant and avoid installing apps from unknown sources. According to reports, "The device driver on patched devices will show as version r44p1 or r45p0."

In addition to CVE-2023-4211, ARM's latest security advisory mentions two more vulnerabilities in Mali GPU Kernel Drivers, tracked as CVE-2023-33200 and CVE-2023-34970. While there is no evidence of any exploitation of these vulnerabilities yet, the company has already released patches for both security flaws on all affected platforms. Users are encouraged to update their devices to avoid potential future exploits.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.
