Lucene search

The Hacker NewsTHN:159CCFBC1D926C8A519124B63B1C5104

HistoryJun 11, 2024 - 6:37 a.m.

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

2024-06-1106:37:00

The Hacker News

thehackernews.com

arm

zero-day vulnerability

mali gpu

bifrost

valhall

kernel driver

cve-2024-4610

exploited

use-after-free

security advisory

gpu memory

r41p0

r49p0

cybersecurity

commercial spyware

android devices

cy4gate

update

twitter

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.712 High

EPSS

Percentile

98.1%

JSON

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild.

Tracked as CVE-2024-4610, the use-after-free issue impacts the following products -

Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0)
Valhall GPU Kernel Driver (all versions from r34p0 to r40p0)

“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” the company said in an advisory last week.

The vulnerability has been addressed in Bifrost and Valhall GPU Kernel Driver r41p0. It’s worth noting that this version was released on November 24, 2022. The current version of the drivers is r49p0, which was shipped in April 2024.

When reached for comment, Arm told The Hacker News that while it was addressed in 2022, it was provided additional information that reclassified the problem as a security vulnerability.

“In 2022 Arm fixed a weakness in the r41p0 release for the Bifrost and Valhall Mali GPU kernel driver,” a spokesperson for the company said. “An external researcher recently provided new information which reclassifies this weakness as a vulnerability. After Arm assessed this issue as a vulnerability, a CVE was published.”

The British semiconductor company further acknowledged reports of the shortcoming being exploited in real-world attacks, but did not disclose any additional specifics to prevent further abuse.

That said, previously disclosed zero-day flaws in Arm Mali GPU – CVE-2022-22706, CVE-2022-38181 and CVE-2023-4211 – have been weaponized by commercial spyware vendors for highly targeted attacks aimed at Android devices, with the exploitation of the latter linked to an Italian company named Cy4Gate.

Users of affected products are recommended to update to the appropriate version to secure against potential threats.

(The story was updated after publication on June 17, 2024, to include a response from Arm.)

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.