Known Exploited Vulnerability - Arm Mali GPU Kernel Driver Use-After-Free - 20231004002¶
Overview¶
Arm officials wrote an advisory regarding active ongoing attacks targeting "Use-After-Free" vulnerabilities in device drivers for its Mali line of GPUs. These GPUs are run on a host of devices, including Google Pixels and other Android handsets, Chromebooks, and hardware running Linux.
What is the vulnerability?¶
- CVE-2023-4211 - CVSS v3 Base Score: TBA: A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
- CVE-2023-33200 - CVSS v3 Base Score: TBA: A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
- CVE-2023-34970 - CVSS v3 Base Score: TBA: A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory
What is vulnerable?¶
The vulnerability affects the following products:
- Midgard GPU Kernel Driver: All versions from r12p0 - r32p0
- Bifrost GPU Kernel Driver: All versions from r0p0 - r44p0
- Valhall GPU Kernel Driver: All versions from r19p0 - r44p0
- Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 - r44p0
What has been observed?¶
CISA added this vulnerabilty in their Known Exploited Vulnerabilties catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the resolutions to all affected devices within expected timeframe of 48 Hours... (refer Patch Management):