Arm Discloses Critical Use-After-Free Vulnerability in GPU Drivers Amid Active Exploitation
Arm Issues Critical Warning on Exploited Memory Vulnerability in Bifrost and Valhall GPU Drivers
Arm has issued a security bulletin alerting users to a critical memory-related vulnerability in its Bifrost and Valhall GPU kernel drivers, which is currently being exploited in the wild. The flaw, tracked as CVE-2024-4610, is identified as a use-after-free (UAF) vulnerability affecting all versions of the drivers from r34p0 through r40p0.
Use-after-free vulnerabilities occur when a program continues to use a pointer to a memory location after it has been freed, potentially leading to information disclosure and arbitrary code execution. In this instance, a local non-privileged user can manipulate GPU memory operations to access already freed memory, according to Arm’s explanation.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
The vulnerability has been addressed in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, which was released on November 24, 2022. However, the latest available driver version is r49p0. Arm has acknowledged reports of this vulnerability being exploited in active attacks and recommends that affected users upgrade their drivers immediately.
Despite the fix being released in 2022, BleepingComputer has reached out to Arm to clarify why a recent identifier has been assigned to a previously patched issue. One possible reason could be that the vulnerability was unintentionally patched and only discovered later due to ongoing attacks.
Trending: Offensive Security Tool: PingRAT
The update and patch distribution process for Android devices adds complexity, often causing significant delays before end users receive the patched drivers. Once Arm releases a security update, device manufacturers need to integrate it into their firmware, and in many cases, carriers also need to approve it. This process can be slower for older devices, which may no longer receive security updates.
Bifrost-based Mali GPUs are widely used in various devices, including smartphones, tablets (G31, G51, G52, G71, and G76), single-board computers, Chromebooks, and embedded systems. Valhall GPUs are found in high-end smartphones and tablets (Mali G57 and G77), automotive infotainment systems, and high-performance smart TVs.
Users of impacted devices are strongly advised to ensure they are running the latest GPU drivers to mitigate the risk posed by CVE-2024-4610.
Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com
Recent News
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
