The leading Processor Technology provider, ARM has announced a zero-day vulnerability in its Open Source Kernel Drivers: Mali GPU Drivers on 7th June 2024. This vulnerability is tracked as CVE-2024-4610 and is said to be exploited in the wild by attackers. Mali GPU Drivers, the widely used ARM GPU Drivers, expose millions of devices to this zero-day flaw, making it a critical vulnerability.
Affected versions:
This flaw is present in the following GPU Kernel Drivers:
- Bifrost GPU Kernel Driver: All versions from r34p0 to r40p0
- Valhall GPU Kernel Driver: All versions from r34p0 to r40p0
This is an old vulnerability that is assigned with a CVE now, as the patch version r41p0 was released on 24th November 2022, and we can see many later versions available from the vendor now. The improper GPU memory processing operations are considered as the attack vector here. This can be used with the existing use-after-flaw issue in the drivers by a local attacker to gain access to a memory location after it has been freed by a pointer.
The vendor is yet to publish further technical details on this flaw.
Impact
The Use-after-free issue in the affected Mali GPU Kernel Drivers allows a local non-privileged attacker to make improper GPU memory processing operations and gain access to already freed memory.
Solution
Users should update the Bifrost and Valhall GPU Kernel Drivers to version r41p0 or later.
We recommend users of these products install the necessary ARM Driver security updates mentioned in the advisory as soon as possible to stay protected.
Patch Dangerous Risks Now with SanerNow
SanerNow is an integrated patch management solution that can detect vulnerabilities in your network and patch them automatically. With support for all major OSs and 550+ 3rd party applications, SanerNow provides complete coverage to your endpoints!
Further, SanerNow can test patches before deployment, roll them back if necessary and completely automate the process to ease the burden on your IT and security teams.
Experience cutting-edge patching with SanerNow. Schedule a Demo