Arm Mali GPU Drivers

Arm is warning of a security vulnerability impacting the Mali GPU Kernel Driver that it said has been actively exploited in the wild.

Tracked as CVE-2024-4610, the use-after-free issue impacts the following products -

"A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory," the company said in an advisory last week.


The vulnerability has been addressed in Bifrost and Valhall GPU Kernel Driver r41p0. It's worth noting that this version was released on November 24, 2022. The current version of the drivers is r49p0, which was shipped in April 2024.

When reached for comment, Arm told The Hacker News that although the issue was addressed in 2022, it received additional information that led to the problem being reclassified as a security vulnerability.

"In 2022 Arm fixed a weakness in the r41p0 release for the Bifrost and Valhall Mali GPU kernel driver," a spokesperson for the company said. "An external researcher recently provided new information which reclassifies this weakness as a vulnerability. After Arm assessed this issue as a vulnerability, a CVE was published."

The British semiconductor company further acknowledged reports of the shortcoming being exploited in real-world attacks, but did not disclose any additional specifics to prevent further abuse.

That said, previously disclosed zero-day flaws in Arm Mali GPU – CVE-2022-22706, CVE-2022-38181 and CVE-2023-4211 – have been weaponized by commercial spyware vendors for highly targeted attacks aimed at Android devices, with the exploitation of the last of these linked to an Italian company named Cy4Gate.

Users of affected products are recommended to update to the appropriate version to secure against potential threats.

(The story was updated after publication on June 17, 2024, to include a response from Arm.)

