Some top ARM GPUs have a potentially worrying security flaw - here's what you need to know

News
By Sead Fadilpašić
published

ARM Mali GPU flaw is being used in "targeted" attacks

An ARM-Branded Processor
ARM sold (Image credit: ARM)

Chip manufacturing powerhouse ARM has published a security advisory claiming to have addressed a high-severity vulnerability affecting its popular Mali GPU drivers.

The vulnerability, tracked as CVE-2023-4211, is allegedly being used in “limited, targeted exploitation” attacks, the company added, as an improper access to freed memory, but could also be used to compromise, or manipulate, sensitive data. 

Among possibly vulnerable devices, BleepingComputer also states, are the Samsung Galaxy S20/S20 FE, Xiaomi Redmi K30/K40, Motorola Edge 40, and OnePlus Nord 2.

State-sponsored attackers

Affected driver versions include Midgard GPU kernel driver (all versions from r12p0 to r32p0), Bifrost GPU kernel driver (all versions from r0p0 to r42p0), Valhall GPU kernel driver (all versions from r19p0 to r42p0), and Arm 5th Gen GPU architecture kernel driver (all versions from r41p0 to r42p0).

ARM said it fixed the problem for the Bifrost, Valhall, and Arm 5th Gen GPU architecture in the kernel driver version r43p0, so if you’re worried about being compromised, make sure to bring your endpoints up to date. Midgard, being an older model, is no longer supported, and thus will not be getting a patch. 

While ARM did say that the vulnerability was being used in the wild in “limited, targeted exploitation”, it did not elaborate further. However, we do know that the flaw was discovered by Google’s Threat Analysis Group (TAG), and Project Zero. TAG is known for tracking and analyzing state-sponsored threat actors, which are also known to engage in targeted attacks, rather than casting a wide net. 

Elsewhere in the advisory, ARM detailed a pair of other vulnerabilities - CVE-2023-33200 and CVE-2023-34970, which affect Bifrost, Valhall, and Arm's 5th Gen GPU architecture kernel driver versions up to r44p0. The company recommends users install upgrades r44p1 and r45p0.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.