Arm has issued a safety bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that’s being exploited within the wild.
The safety problem is tracked as CVE-2024-4610 and is a use-after-free vulnerability (UAF) that impacts all variations of Bifrost and Valhall drivers from r34p0 via r40p0.
UAF flaws happen when a program continues to make use of a pointer to a reminiscence location after it has been freed. These bugs can result in info disclosure and arbitrary code execution.
“An area non-privileged person could make improper GPU reminiscence processing operations to achieve entry to already freed reminiscence,” Arm explains.
The corporate additionally mentioned that it’s “conscious of studies of this vulnerability being exploited within the wild. Customers are beneficial to improve if they’re impacted by this problem.”
The chip maker mounted the vulnerability in model r41p0 of Bifrost and Valhall GPU Kernel Driver, which was launched in on November 24, 2022. At the moment, the newest model of the drivers is r49p0.
BleepingComputer reached out to Arm to make clear the latest identifier for a vulnerability that was mounted in 2022.
The corporate offered the next clarification:
“In 2022 Arm mounted a weak spot within the r41p0 launch for the Bifrost and Valhall Mali GPU kernel driver. An exterior researcher not too long ago offered new info which reclassifies this weak spot as a vulnerability. After Arm assessed this problem as a vulnerability, a CVE was revealed.”
As a result of complexity of the provision chain on Android, many finish customers might get patched drivers with vital delays.
As soon as Arm releases a safety replace, system producers have to combine it into their firmware and in lots of instances carriers additionally have to approve it. Relying on the mannequin of the telephone, some makers might select to give attention to newer units and discontinue assist for older ones.
Bifrost-based Mali GPUs are utilized in smartphones/tables (G31, G51, G52, G71, and G76), single-board computer systems, Chromebooks, and numerous embedded methods.
Valhall GPUs are current in high-end smartphones/tables with chips such because the Mali G57 and G77, automotive infotainment methods, and high-performance good TVs.
It is very important observe that a few of the impacted units might not be supported with safety updates.
Replace [June 14]: Article up to date with remark from Arm clarifying the latest identifier for the vulnerability that had been mounted in 2022.