Arm has patched a new security flaw in its Mali GPU kernel drivers that allowed improper GPU memory processing operations to be carried out by a local non-privileged user.
Yet without a CVSS score, the vulnerability, dubbed CVE-2023-4211, was reported to have active exploitations in the wild.
“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Arm said in an October 2 advisory. “There is evidence that this vulnerability may be under limited, targeted exploitation.”
The advisory also notified patching up two other vulnerabilities in the same driver family allowing similar exploitations.
Bug allows access to freed-up memory
Although much isn’t clear about the nature of the attacks, Arm said the vulnerability allows hackers to exploit system memory no longer in use. Getting access to such environments is the most common mechanism for loading malicious codes.
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition, according to the advisory. If a system’s memory is carefully prepared by that user, it could give them access to already freed memory.
Arm has credited the discovery of active exploitations to Maddie Stone of Google’s Threat Analysis Group and Jann Horn of Google Project Zero.
Google Pixel devices and Chromebooks — most affected by the vulnerability — were both separately patched by Google in September.
Patches now available for most affected versions
Arm’s Mali line of GPUs runs on a host of devices including mobile devices, smart TVs, automotive infotainment systems, wearable devices, embedded systems, IoT devices, development boards, and gaming consoles. The GPUs run a range of kernel driver versions across all these devices.
The vulnerability affects four different versions of the drivers including Midgard GPU Kernel Driver (from version r12p0 – r32p0), Bifrost GPU Kernel Driver (from version r0p0 – r42p0), Valhall GPU Kernel Driver (from version r19p0 – r42p0), and Arm 5th Gen GPU Architecture Kernel Driver (from version r41p0 – r42p0).
Patches are available now for three out of the four affected versions. “This issue is fixed in Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Driver r43p0,” Arm said. “Users are recommended to upgrade if they are impacted by this issue.” Arm also advised support for Midgard GPUs on contact. Two other patches informed in the advisory included those for CVE-2023-33200, and CVE-2023-34970, both of which allow similar exploitations in the Valhall and Arm 5th Gen versions of the GPU.