Arm Releases Security Advisory for Exploited Mali GPU Driver Vulnerability
Summary
Exploitation could allow a local attacker to gain access to freed memory
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Arm has released an advisory addressing a use-after-free vulnerability in its Bifrost and Valhall graphics processing unit (GPU) kernel drivers for the Mali family of products. Mali GPUs are commonly found in smartphones, tablets, smart televisions, and embedded systems. The vulnerability, CVE-2024-4610, has a CVSSv3 score of 5.5. If successfully exploited by a local attacker, it could allow disclosure of sensitive information through access to already freed memory.
Exploitation of CVE-2024-4610
Arm has recently been made aware of reports of this vulnerability being exploited in the wild, and has now assigned this vulnerability a CVE number despite releasing a patch in 2022.
Previous vulnerabilities in Arm Mali GPU drivers are known to have been exploited by commercial spyware vendors.
Remediation advice
Affected organisations are encouraged to review the Arm Security Advisory for CVE-2024-4610. Additionally, organisations are strongly encouraged to update their Mali Bifrost and Valhall GPU kernel drivers to version r41p0 or higher. The update will be available through either:
- the affected device's original equipment manufacturer (OEM) software update process.
- the Arm Mali Drivers download page.
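The following added example (not part of the Arm advisory or the original page) sorts a device inventory by whether each reported Mali kernel driver release is below the fixed release r41p0. It assumes release strings of the form r<major>p<minor> with an optional build suffix; the device names and version strings are constructed sample data. The page does not list the lowest affected release, so "update" here means only "older than r41p0".

```python
import re

# Fixed release named in the remediation advice above.
FIXED_RELEASE = (41, 0)

# Assumed format: r<major>p<minor>, optionally followed by a build suffix
# such as "-01eac0". The lookbehind stops matches inside longer words.
_RELEASE = re.compile(r"(?<![A-Za-z0-9])r(\d+)p(\d+)")


def parse_release(text):
    """Return (major, minor) from a driver version string, or None."""
    m = _RELEASE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def needs_update(text):
    """True if below r41p0, False if r41p0 or higher, None if unparseable."""
    release = parse_release(text)
    # Compare numerically: as plain strings, "r9p0" would sort above "r41p0".
    return None if release is None else release < FIXED_RELEASE


def triage(inventory):
    """Split {device: version string} into update / ok / unknown lists."""
    result = {"update": [], "ok": [], "unknown": []}
    for device, version in sorted(inventory.items()):
        verdict = needs_update(version)
        key = "unknown" if verdict is None else ("update" if verdict else "ok")
        result[key].append(device)
    return result


# Constructed sample inventory (hypothetical devices and version strings).
SAMPLE_INVENTORY = {
    "kiosk-01": "r38p1-01eac0",
    "tablet-07": "r41p0-01eac0",
    "tv-lobby": "r44p1",
    "handset-12": "r9p0",
    "sensor-03": "unknown",
}

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```

Devices in the "unknown" bucket reported no parseable release and need a manual check against the OEM's update notes.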
Definitive source of threat updates
Last edited: 12 June 2024 12:17 pm