ARM warns for new Mali GPU driver vulnerability
ARM has published a security bulletin warning of a memory-related vulnerability in the ARM Mali GPU Kernel Driver that’s been actively exploited.
The vulnerability is registered as CVE-2024-4610 and allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver from r34p0 through r40p0, and Valhall GPU Kernel Driver from r34p0 through r40p0.
“ARM is aware of reports of this vulnerability being exploited in the wild. Users are recommended to upgrade if they are impacted by the issue,” ARM says in a security bulletin.
Bifrost-based Mali GPUs are used in smartphones, tablets, Chromebooks and various embedded systems. Valhall GPUs are seen in high-end smartphones, tablets and smart TVs in the higher-end segment.
According to BleepingComputer, many users may get patched drivers with significant delays due to the complexity of the supply chain on Android. Once ARM releases a security patch, device manufacturers need to integrate it into their firmware. Furthermore, in most cases carriers need to approve the update.
Depending on the brand and model of the phone, producers tend to aim their focus on newer models and no longer support older ones. Therefore, some of the impacted devices may no longer receive the latest security update.
Your email address will not be published. Required fields are marked