
ARM advisory warns against 0-day exploitation in Mali GPU drivers


British semiconductor company Arm has warned about the active exploitation of a zero-day vulnerability affecting its Mali GPU kernel drivers. It also confirmed that it has seen the vulnerability being exploited in the wild. The vulnerability is tracked as CVE-2024-4610 and affects the Bifrost and Valhall GPU kernel drivers from r34p0 to r40p0.

Arm’s advisory reports that the bug allows a local, non-privileged user to make “improper GPU memory processing operations to gain access to already freed memory.” While Arm has confirmed that it’s aware of reports of this vulnerability being exploited in the wild, the company did not provide specific instances. It’s also unclear whether an old bug has been assigned a new CVE ID or a new vulnerability has been discovered.

The good news is that the vulnerability was already fixed in Bifrost and Valhall GPU kernel driver version r41p0, released on November 24, 2022. The current version is r49p0, shipped in April 2024. However, the confirmation of reports that the vulnerability is being actively exploited means that the update hasn’t completely reached Arm’s user base.
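A fleet-triage sketch for the version ranges above, added here as an example and not taken from Arm's advisory or tooling. The `device,driver_string` inventory format and the sample rows are constructed, and treating every release from r34p0 up to (but not including) r41p0 as affected is an assumption that errs toward flagging.

```python
import re

# Ranges as stated in the article for CVE-2024-4610.
FIRST_AFFECTED = (34, 0)  # r34p0
FIXED_IN = (41, 0)        # r41p0

# Matches the rXXpY release tag anywhere in a driver string, e.g. "r38p1-01eac0".
_RELEASE = re.compile(r"(?<![A-Za-z0-9])r(\d+)p(\d+)(?!\d)", re.IGNORECASE)


def parse_release(text):
    """Return (release, patch) as integers, or None if no rXXpY tag is present."""
    m = _RELEASE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(driver_string):
    """Classify one driver string against the ranges quoted in the article."""
    rel = parse_release(driver_string)
    if rel is None:
        return "unknown"                 # never treat unparseable data as safe
    if rel < FIRST_AFFECTED:
        return "outside-advisory-range"  # older than r34p0: not covered by this CVE
    if rel < FIXED_IN:
        return "affected"                # assumption: everything below r41p0 is flagged
    return "fixed"


def triage(inventory_lines):
    """Turn 'device,driver_string' lines into (device, driver, status) tuples."""
    findings = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device, _, driver = line.partition(",")
        findings.append((device.strip(), driver.strip(), classify(driver)))
    return findings


# Constructed sample inventory (hypothetical device names).
SAMPLE = [
    "# device,driver_string",
    "kiosk-01,r38p1-01eac0",
    "tablet-07,r41p0-01eac0",
    "phone-12,r49p0",
    "dev-board-3,r32p1-01eac0",
    "handheld-9,r40p0",
    "legacy-2,unknown build",
]

if __name__ == "__main__":
    for device, driver, status in triage(SAMPLE):
        print(f"{device:12} {driver:16} {status}")
```

Devices reported as `unknown` need a manual check of the installed driver release rather than being counted as patched.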

Arm has already issued a patch for the vulnerability in 2022. | Image: Tada Images / Shutterstock.com

Additionally, commercial spyware vendors such as the NSO Group or Cy4Gate often use system-level flaws to build spyware that can carry out targeted attacks against specific Android devices. The Hacker News reports that previously disclosed Arm Mali GPU vulnerabilities such as CVE-2022-22706, CVE-2022-38181, and CVE-2023-4211 have been weaponised by commercial spyware vendors before.

2024 has been a busy year for Arm’s security team. The company has already discovered and quashed nearly 10 vulnerabilities in the Mali GPU kernel drivers, with CVE-2024-4610 being the most recent one. Nearly all vulnerabilities had identical exploitation and impact, which allowed improper GPU memory processing operations, giving an attacker access to freed system memory.


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
