A concerning vulnerability has been discovered in Arm’s Mali line of GPUs, allowing threat actors to access memory that the system has deemed free and no longer in use. Threat actors can inject malicious code or manipulate memory using this vulnerability. Arm issued a warning on Monday regarding this vulnerability.
“A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory,” reads the advisory regarding the impact of the vulnerability.
As per the advisory, this critical issue has been resolved in version r43p0 of the Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Drivers.
If a user carefully prepares the system’s memory, exploiting the flaw could grant unauthorised access to memory that has already been released.
The significance of gaining access to system memory no longer in use lies in its potential as a common vector for loading malicious code into a location that attackers can subsequently execute. This malicious code often equips them to exploit other vulnerabilities or install malevolent payloads to spy on the device’s user. Typically, attackers gain local access to a mobile device by deceiving users into downloading malicious applications from unofficial sources.
While the advisory covers the kernel drivers for the affected GPUs, it does not reference the microcode that runs within the chips themselves.

The vulnerability in question primarily affects Google Pixel devices, distinguished for their regular updates. Google has acted on the vulnerability and released a patch for CVE-2023-4211. Chromebooks employing the vulnerable GPUs have also since been fortified. Devices bearing a patch level of 2023-09-01 or later are protected against attacks. On patched devices, the device driver will exhibit a version number of r44p1 or r45p0, reported Ars Technica.
The scope of CVE-2023-4211 encompasses a range of Arm GPUs spanning over a decade of releases. These include the Midgard GPU Kernel Driver (all versions from r12p0 to r32p0), Bifrost GPU Kernel Driver (all versions from r0p0 to r42p0), Valhall GPU Kernel Driver (all versions from r19p0 to r42p0), and Arm 5th Gen GPU Architecture Kernel Driver (all versions from r41p0 to r42p0).
These chips have been used in devices like the Google Pixel 7, Samsung S20 and S21, Motorola Edge 40, OnePlus Nord 2, Asus ROG Phone 6, Redmi Note 11 and 12, Honor 70 Pro, RealMe GT, Xiaomi 12 Pro, Oppo Find X5 Pro, Reno 8 Pro, and several mobile phones using MediaTek chipsets. Additionally, Arm has extended support for these afflicted chips to Linux-based devices.
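As an added example, not part of the original article: a small Python check that compares a reported Mali kernel driver version (Arm’s rNNpM format) against the affected ranges listed above, so an administrator with a fleet inventory can flag devices still inside the vulnerable range. The family names and the version strings fed in are assumptions for illustration; the ranges themselves are the ones quoted from the advisory.

```python
import re
from typing import Dict, Tuple

# Affected Mali kernel driver versions for CVE-2023-4211, inclusive ranges
# as listed in Arm's advisory (transcribed from the article above).
AFFECTED_RANGES: Dict[str, Tuple[str, str]] = {
    "Midgard": ("r12p0", "r32p0"),
    "Bifrost": ("r0p0", "r42p0"),
    "Valhall": ("r19p0", "r42p0"),
    "Arm 5th Gen": ("r41p0", "r42p0"),
}

# Arm driver versions look like r43p0: a release number and a point number.
_VERSION_RE = re.compile(r"^r(\d+)p(\d+)$")


def parse_version(version: str) -> Tuple[int, int]:
    """Turn 'r43p0' into (43, 0); reject anything not in rNNpM form."""
    match = _VERSION_RE.match(version.strip().lower())
    if not match:
        raise ValueError(f"not an Arm driver version: {version!r}")
    return int(match.group(1)), int(match.group(2))


def is_affected(family: str, version: str) -> bool:
    """True if family/version falls inside the advisory's affected range."""
    if family not in AFFECTED_RANGES:
        raise KeyError(f"unknown GPU driver family: {family!r}")
    low, high = AFFECTED_RANGES[family]
    return parse_version(low) <= parse_version(version) <= parse_version(high)


def assess(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, str]:
    """Map device id -> 'AFFECTED' / 'not affected' for a (family, version) inventory.
    Tuple comparison means r44p1 sorts after r44p0 and r43p0 after r42p0."""
    return {
        device: "AFFECTED" if is_affected(family, version) else "not affected"
        for device, (family, version) in inventory.items()
    }


if __name__ == "__main__":
    # Constructed sample inventory; device ids and versions are made up.
    sample = {"pixel-a": ("Valhall", "r42p0"), "pixel-b": ("Valhall", "r44p1")}
    for device, verdict in assess(sample).items():
        print(device, verdict)
```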
In addition to CVE-2023-4211, Arm’s Monday advisory unveiled two additional vulnerabilities, CVE-2023-33200 and CVE-2023-34970. These vulnerabilities allow non-privileged users to exploit race conditions, culminating in improper GPU operations that enable access to already freed memory.
All three vulnerabilities share one common characteristic: they are exploitable by threat actors possessing local access to the target device. This access is often attained through downloading applications from unofficial sources. Arm has advised users to update their mobile devices as soon as possible.
Just last week, it was reported that GPUs from all major manufacturers are vulnerable to cross-origin attacks.