
Arm warns of Mali GPU flaws likely exploited in targeted attacks
2023-10-02 16:37

In a security advisory published today, Arm is warning of an actively exploited vulnerability affecting the widely used Mali GPU drivers.

The flaw is currently tracked as CVE-2023-4211 and was discovered and reported to Arm by researchers at Google's Threat Analysis Group and Project Zero.

"A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory," Arm explains in the advisory.

Arm's fifth-gen GPU architecture was introduced to the market in May 2023, with the Mali-G720 and Mali-G620 chips aimed at premium, high-performance smartphones.

The vendor says that the vulnerability has been addressed for the Bifrost, Valhall, and Arm 5th Gen GPU architectures in kernel driver version r43p0.

Other flaws Arm disclosed in the same bulletin are CVE-2023-33200 and CVE-2023-34970, which allow a non-privileged user to exploit a race condition to perform improper GPU operations to access already freed memory.


News URL

https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-10-03 | CVE-2023-34970 | Out-of-bounds Write vulnerability in ARM Mali GPU Kernel Driver and Valhall GPU Kernel Driver | A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. | local | high complexity | arm | CWE-787 | 4.7 |
| 2023-10-03 | CVE-2023-33200 | Use After Free vulnerability in ARM products | A local non-privileged user can make improper GPU processing operations to exploit a software race condition. | local | high complexity | arm | CWE-416 | 4.7 |
| 2023-10-01 | CVE-2023-4211 | Use After Free vulnerability in ARM products | A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | local | low complexity | arm | CWE-416 | 5.5 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
ARM 78 6 44 61 18 129