Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)
A vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches.
Arm’s Mali GPUs are used on a variety devices, most prominently on Android phones by Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and other manufacturers.
About CVE-2023-4211
CVE-2023-4211 stems from improper GPU memory processing and allows a local non-privileged to gain access to already freed memory.
It affects kernel drivers for a range of Arm GPUs:
- Midgard GPU Kernel Driver: All versions from r12p0 – r32p0
- Bifrost GPU Kernel Driver: All versions from r0p0 – r42p0
- Valhall GPU Kernel Driver: All versions from r19p0 – r42p0
- Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r42p0
“This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r43p0. Users are recommended to upgrade if they are impacted by this issue. Please contact Arm support for Midgard GPUs,” Arm advised.
Maddie Stone of Google’s Threat Analysis Group and Jann Horn of Google Project Zero have been credited with reporting the flaw, but no details are currently available on the attacks in which it’s being leveraged.
Two zero-day vulnerabilities (CVE-2022-22706, CVE-2023-26083) in Mali GPU kernel drivers have been previously spotted being exploited to deliver spyware by commercial spyware vendor Variston.
Propagation of fixes
Arm has also delivered fixed for two additional vulnerabilies affecting some of those same drivers (CVE-2023-33200, CVE-2023-34970), both of which could also give attackers access to already freed memory.
The fixes for CVE-2023-4211 have already been delivered by Google to its Pixel devices and incorporated into ChromeOS and ChromeOS Flex.
According to the Android Security Bulletin for October 2023, Android partners have been notified of the issue and will hopefully soon implement the patches in regular security updates for their own Android-based phones.