Arm has issued a safety bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that’s being exploited within the wild.
The safety problem is tracked as CVE-2024-4610 and is a use-after-free vulnerability (UAF) that impacts all variations of Bifrost and Valhall drivers from r34p0 by way of r40p0.
UAF flaws happen when a program continues to make use of a pointer to a reminiscence location after it has been freed. These bugs can result in data disclosure and arbitrary code execution.
“A neighborhood non-privileged consumer could make improper GPU reminiscence processing operations to realize entry to already freed reminiscence,” Arm explains.
The corporate additionally mentioned that it’s “conscious of experiences of this vulnerability being exploited within the wild. Customers are advisable to improve if they’re impacted by this problem.”
The chip maker mounted the vulnerability in model r41p0 of Bifrost and Valhall GPU Kernel Driver, which was launched in on November 24, 2022. At the moment, the most recent model of the drivers is r49p0.
BleepingComputer has reached out to Arm to make clear the current identifier for a vulnerability that was mounted in 2022. One clarification may very well be that the problem was patched with out intention and it was found due to the assaults.
Because of the complexity of the availability chain on Android, many finish customers might get patched drivers with important delays.
As soon as Arm releases a safety replace, system producers must combine it into their firmware and in lots of circumstances carriers additionally must approve it. Relying on the mannequin of the cellphone, some makers might select to concentrate on newer units and discontinue help for older ones.
Bifrost-based Mali GPUs are utilized in smartphones/tables (G31, G51, G52, G71, and G76), single-board computer systems, Chromebooks, and numerous embedded methods.
Valhall GPUs are current in high-end smartphones/tables with chips such because the Mali G57 and G77, automotive infotainment methods, and high-performance sensible TVs.
It is very important observe that among the impacted units might not be supported with safety updates.