HomeWinBuzzer NewsARM Discloses Exploited Vulnerability in Mali GPU Drivers

ARM Discloses Exploited Vulnerability in Mali GPU Drivers

ARM Mali GPUs are being utilized in smartphones, tablets, Chromebooks, smart TVs, digital set-top boxes (STBs), automotive infotainment systems, wearables and others devices.

-

ARM has informed about a severe security issue within its Mali GPU kernel drivers, specifically affecting the Bifrost and Valhall architectures. The identified flaw, tagged CVE-2024-4610, is currently exploited and requires prompt updates. This adds to a vulnerability of Mali GPU kernel drivers discovered last year, filed under  CVE-2023-4211

ARM Mali GPUs are being utilized in devices like , tablets, , smart TVs, digital set-top boxes (STBs), automotive infotainment systems, wearable devices, embedded systems, IoT devices, development boards, and gaming consoles. Devices that incorporate ARM Mali GPUs are the Apple iPhone 13Samsung Galaxy S21 UltraGoogle Pixel 6 ProAmazon Fire TV Stick 4K MaxRoku UltraNvidia Shield TV, Tesla Model 3 infotainment systemApple WatchSamsung Galaxy Watch 4Raspberry Pi 4, and the Nintendo Switch.

Details of the Security Flaw

The disclosed vulnerability is a use-after-free (UAF) deficiency. This occurs when a program continues to access a memory space that has already been deallocated, potentially giving way to unauthorized data exposure or the execution of arbitrary code. According to ARM, a local user without special privileges could manipulate GPU memory handling operations to exploit this flaw, accessing memory that should be off-limits.

The flaw has already been utilized in real-world attacks. Acknowledging these incidents, ARM has stressed the importance of adopting the latest patched driver versions to secure devices against such threats. For more precise information, ARM's Security Center website contains in-depth guidelines.

ARM strongly advises users with affected devices to update their GPU drivers to the newest versions. Regularly checking for firmware updates from device manufacturers and applying them immediately is crucial for maintaining device security.

Vulnerable Devices

The security flaw affects several models within the Bifrost and Valhall GPU lines. Devices utilizing Bifrost GPUs like the G31, G51, G52, G71, and G76 include a range of smartphones, tablets, single-board computers, and .

Valhall GPUs, including the Mali G57 and G77, are featured in higher-end smartphones, tablets, automotive infotainment systems, and smart TVs. Users are advised to stay vigilant for update notifications to mitigate risk.

Patch Availability

ARM has remedied this issue in the Bifrost and Valhall GPU Kernel Driver version r41p0, launched on November 24, 2022. The most current driver version is r49p0. However, due to the multifaceted nature of the Android ecosystem, users might encounter delays in receiving updates. When ARM publishes a security patch, it must then be incorporated by device manufacturers into their firmware, sometimes requiring carrier approval, adding to potential delays, especially for legacy devices.

The complexity of the Android ecosystem means that even with an available security update from ARM, consumers may face delays. Manufacturers initially need to integrate the patch into their device firmware, and carriers may require approval. This process can cause lag, particularly for older devices lacking active support.

Last Updated on June 13, 2024 6:28 pm CEST

SourceARM
Markus Kasanmascheff
Markus Kasanmascheff
Markus has been covering the tech industry for more than 15 years. He is holding a Master´s degree in International Economics and is the founder and managing editor of Winbuzzer.com.

Recent News

Mastodon