Vulnerable Arm GPU drivers under active exploitation. Patches may not be available


Getty Photographs

Arm warned on Monday of lively ongoing assaults concentrating on a vulnerability in system drivers for its Mali line of GPUs, which run on a number of gadgets, together with Google Pixels and different Android handsets, Chromebooks, and {hardware} operating Linux.

“A neighborhood non-privileged person could make improper GPU reminiscence processing operations to achieve entry to already freed reminiscence,” Arm officers wrote in an advisory. “This concern is mounted in Bifrost, Valhall and Arm fifth Gen GPU Structure Kernel Driver r43p0. There’s proof that this vulnerability could also be underneath restricted, focused exploitation. Customers are really helpful to improve if they’re impacted by this concern.”

The advisory continued: “A neighborhood non-privileged person could make improper GPU processing operations to entry a restricted quantity outdoors of buffer bounds or to use a software program race situation. If the system’s reminiscence is fastidiously ready by the person, then this in flip might give them entry to already freed reminiscence.”

Having access to system reminiscence that’s not in use is a standard mechanism for loading malicious code right into a location an attacker can then execute. This code usually permits them to use different vulnerabilities or to put in malicious payloads for spying on the cellphone person. Attackers usually acquire native entry to a cell system by tricking customers into downloading malicious purposes from unofficial repositories. The advisory mentions drivers for the affected GPUs being susceptible however makes no point out of microcode that runs contained in the chips themselves.

Probably the most prevalent platform affected by the vulnerability is Google’s line of Pixels, that are one of many solely Android fashions to obtain safety updates on a well timed foundation. Google patched Pixels in its September replace towards the vulnerability, which is tracked as CVE-2023-4211. Google has additionally patched Chromebooks that use the susceptible GPUs. Any system that reveals a patch stage of 2023-09-01 or later is proof against assaults that exploit the vulnerability. The system driver on patched gadgets will present as model r44p1 or r45p0.

CVE-2023-4211 is current in a spread of Arm GPUs launched over the previous decade. The Arm chips affected are:

  • Midgard GPU Kernel  Driver: All variations from r12p0 – r32p0
  • Bifrost GPU Kernel Driver: All variations from r0p0 – r42p0
  • Valhall GPU Kernel Driver: All variations from r19p0 – r42p0
  • Arm fifth Gen GPU Structure Kernel Driver: All variations from r41p0 – r42p0

Gadgets believed to make use of the affected chips embody the Google Pixel 7, Samsung S20 and S21, Motorola Edge 40, OnePlus Nord 2, Asus ROG Cellphone 6, Redmi Observe 11, 12, Honor 70 Professional, RealMe GT, Xiaomi 12 Professional, Oppo Discover X5 Professional, and Reno 8 Professional and a few telephones from Mediatek.

Arm additionally makes drivers for the affected chips out there for Linux gadgets.

Little is at the moment recognized in regards to the vulnerability, aside from that Arm credited discovery of the lively exploitations to Maddie Stone, a researcher in Google’s Undertaking Zero crew. Undertaking Zero tracks vulnerabilities in broadly used gadgets, notably once they’re subjected to zero-day or n-day assaults, which confer with these concentrating on vulnerabilities for which there are not any patches out there or those who have very not too long ago been patched.

Arm’s Monday advisory disclosed two further vulnerabilities which have additionally obtained patches. CVE-2023-33200 and CVE-2023-34970 each permit a non-privileged person to use a race situation to carry out improper GPU operations to entry already freed reminiscence.

All three vulnerabilities are exploitable by an attacker with native entry on the system, which is often achieved by way of tricking customers to obtain purposes from unofficial repositories.

It’s at the moment unknown what different platforms, if any, have patches out there. Till this info will be tracked down, individuals ought to examine with the producer of their system. Sadly, many susceptible Android gadgets obtain patches months and even years after turning into out there, if in any respect.

Source link