Article Details

Arm warns of actively exploited flaw in Mali GPU kernel drivers. Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. The security issue is tracked as CVE-2024-4610 and is a use-after-free vulnerability (UAF) that impacts all versions of Bifrost and Valhall drivers from r34p0 through r40p0. UAF flaws  occur when a program continues to use a pointer to a memory location after it has been freed. These bugs can lead to information disclosure and arbitrary code execution. "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory," Arm explains. The company also said that it is "aware of reports of this vulnerability being exploited in the wild. Users are recommended to upgrade if they are impacted by this issue." The chip maker fixed the vulnerability in version r41p0 of Bifrost and Valhall GPU Kernel Driver, which was released in on November 24, 2022. Currently, the latest version of the drivers is r49p0. BleepingComputer has reached out to Arm to clarify the recent identifier for a vulnerability that was fixed in 2022. One explanation could be that the issue was patched without intention and it was discovered because of the attacks. Due to the complexity of the supply chain on Android, many end users may get patched drivers with significant delays. Once Arm releases a security update, device manufacturers need to integrate it into their firmware and in many cases carriers also need to approve it. Depending on the model of the phone, some makers may choose to focus on newer devices and discontinue support for older ones. Bifrost-based Mali GPUs are used in smartphones/tables (G31, G51, G52, G71, and G76), single-board computers, Chromebooks, and various embedded systems. Valhall GPUs are present in high-end smartphones/tables with chips such as the Mali G57 and G77, automotive infotainment systems, and high-performance smart TVs. It is important to note that some of the impacted devices may no longer be supported with security updates.