Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild.

Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions –

• Midgard GPU Kernel Driver: All versions from r12p0 – r32p0
• Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0
• Valhall GPU Kernel Driver: All versions from r19p0 – r42p0
• Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0

“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Arm said in a Monday advisory. “There is evidence that this vulnerability may be under limited, targeted exploitation.”

The issue, credited to Maddie Stone of Google’s Threat Analysis Group (TAG) and Jann Horn of Google Project Zero, has been addressed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r43p0.

Google, in its own monthly Android Security Bulletin for October 2023, said it found indications of targeted exploitation of CVE-2023-4211 and CVE-2023-4863, a severe flaw impacting the WebP image format in the Chrome web browser that was patched last month.

Exact specifics surrounding the nature of the attacks are still unclear, but indications are that they may have been weaponized as part of a spyware campaign targeting high-risk individuals.

Also resolved by Arm are two other flaws in the Mali GPU Kernel Driver that allow for improper GPU memory processing operations –

• CVE-2023-33200 – A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
• CVE-2023-34970 – A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this, in turn, could give them access to already freed memory.

This is not the first time flaws in Arm Mali GPU Kernel Driver have come under active exploitation. Earlier this year, Google TAG disclosed that CVE-2023-26083 was abused in conjunction with a series of four other flaws by a spyware vendor to penetrate Samsung devices.