On Tuesday, Arm, the British multinational semiconductor and software design company, confirmed and rectified several vulnerabilities in the kernel drivers of Mali GPUs used in Android devices from major manufacturers. The flaws were identified in Midgard, Bifrost, Valhall GPU kernel drivers, and Arm's 5th Gen GPU Architecture Kernel Driver.
The most severe vulnerability (CVE-2023-4211) was reported by Google (NASDAQ:GOOGL)'s Maddie Stone and Jann Horn and is suspected to have been used in targeted attacks by potential state-sponsored actors. This flaw affects devices such as Samsung (KS:005930) Galaxy S20/S20 FE, Xiaomi (OTC:XIACF) Redmi K30/K40, Motorola (NYSE:MSI) Edge 40, and OnePlus Nord 2. Affected driver versions include Midgard (versions r12p0 to r32p0), Bifrost (r0p0 to r42p0), Valhall (r19p0 to r42p0), and 5th Gen (r41p0 to r42p0). Arm has released a fix (version r43p0) for Bifrost, Valhall, and 5th Gen drivers, as reported by BleepingComputer.
In addition to CVE-2023-4211, Arm addressed two other vulnerabilities (CVE-2022-22706, CVE-2023-26083) that were exploited by Variston. The company also delivered fixes for two more vulnerabilities (CVE-2023-33200, CVE-2023-34970) as reported in the Android Security Bulletin for October 2023. Upgrades r44p1 and r45p0 are recommended for these vulnerabilities.
These patches represent a crucial step in maintaining the security of Android devices globally. Arm's swift response to these issues underscores the company's commitment to addressing cybersecurity threats promptly.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.