June 11, 2024 at 06:18AM
Arm warns of CVE-2024-4610, a memory safety bug in Mali GPU kernel drivers exploited in the wild, potentially allowing local users improper GPU memory processing operations. The bug impacts Bifrost and Valhall drivers, was introduced in r34p0, and addressed in r41p0. Arm urges prompt device updates and notes past exploit instances in Mali GPUs.
From the provided meeting notes, I have gathered the following key takeaways:
– Arm has warned its customers about a memory safety bug in its Mali GPU kernel drivers, which has been exploited in the wild.
– The bug, tracked as CVE-2024-4610, is a use-after-free issue that could be exploited by local users to manipulate GPU memory processing operations.
– Successful exploitation of the bug allows a non-privileged attacker to access previously freed memory.
– Arm is aware of reports of the vulnerability being exploited in the wild and urges users to update their devices promptly.
– CVE-2024-4610 impacts the Bifrost and Valhall GPU kernel drivers, and the bug was introduced in driver version r34p0.
– The issue was addressed with the release of Bifrost and Valhall driver version r41p0 in November 2022.
– This development is concerning given the widespread usage of Arm’s Mali GPUs in millions of devices, including smartphones, tablets, smart TVs, and embedded systems.
– This is not the first instance of vulnerabilities in Mali GPUs being exploited in the wild, with at least two other vulnerabilities being targeted over the past two years.
– Arm has cited that some of these vulnerabilities have been exploited by commercial spyware vendors.
– The company did not share specific details on the observed exploitation but emphasized the importance of updating devices.
These takeaways encapsulate the key points from the meeting notes, providing a clear summary of the issues discussed. Let me know if you require any additional information or further analysis.