Security News > 2023 > October > Arm warns of Mali GPU flaws likely exploited in targeted attacks
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers.
The flaw is currently tracked as CVE-2023-4211 and was discovered and reported to Arm by researchers of Google's Threat Analysis Group and Project Zero.
"A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory," Arm explains in the advisory.
Arm's fifth-gen GPU architecture was introduced to the market in May 2023, with the Mali-G720 and Mali-G620 chips aimed at premium, high-performance smartphones.
The vendor says that the vulnerability has been addressed for the Bifrost, Valhall, and Arm 5th Gen GPU architecture with kernel driver version r43p0.
Other flaws Arm disclosed in the same bulletin are CVE-2023-33200 and CVE-2023-34970, which allow a non-privileged user to exploit a race condition to perform improper GPU operations to access already freed memory.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-34970 | Out-of-bounds Write vulnerability in ARM Mali GPU Kernel Driver and Valhall GPU Kernel Driver A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. | 4.7 |
| 2023-10-03 | CVE-2023-33200 | Use After Free vulnerability in ARM products A local non-privileged user can make improper GPU processing operations to exploit a software race condition. | 4.7 |
| 2023-10-01 | CVE-2023-4211 | Use After Free vulnerability in ARM products A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | 5.5 |