CATEGORIES
home News

Arm Warns Mali GPUs Are Under Alarming Security Attack, Emergency Patch Issued

by Mark TysonTuesday, October 03, 2023, 01:56 PM EDT
hero arm mali GPUs
Mobile processor designer Arm has issued a security bulletin for developers using its Mali GPU drivers. The firm has warned that a flaw tracked as CVE-2023-4211 “may be under limited, targeted exploitation.” Affected devices include the Google Pixel 7, Samsung Galaxy S20 and S21, the ASUS ROG Phone 6 and many more by firms like Oppo, Xiaomi, RealMe and Honor. GPU kernel drivers are now ready to patch most of the affected GPUs.

affected modern devices

Arm Mali GPUs are very widely used in a diverse range of smart and computing devices like smartphones, tablets, Chromebooks, and Linux machines. Several generations of affected GPU architectures span platforms where security updates aren’t likely to be forthcoming, like for older smartphones.

Arm Mali CVE 2023 4211 vulnerability

In its description of the flaw, Arm says that “A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.” This method of access to system memory is a commonly exploited mechanism for malware. A malicious actor could potentially use this opportunity to execute nefarious code or exploit other vulnerabilities.

Arm has patched the CVE-2023-4211 flaw in its r43p0 kernel drivers for Bifrost, Valhall and Arm 5th Gen GPUs. As hinted at above, users of older devices will be lucky if they get updates to cover the CVE-2023-4211 flaw. Mali Midgard, Bifrost, and Valhall GPU architectures were introduced between 2013 and 2019, and some Android vendors will only offer system and security updates for a couple of years. Users of Arm’s 5th gen GPU architecture will probably have the best luck, as it is pretty new, debuting in devices this summer. Meanwhile, developers using the Midgard GPU kernel driver are being asked to contact Arm support.

Arm Mali 5th Gen GPU

Some relief for older device users may come from Arm’s statement that local device access is required to exploit the CVE-2023-4211 flaw. Attackers typically try to get this level of access by tricking users to download specially modified apps from outside the Google Play Store or Amazon App Store. Therefore, users of older devices which haven’t seen updates for some time would be wise to stick to the major official software repositories and reputable, well-known apps.

Arm also disclosed the CVE-2023-33200 and CVE-2023-34970 vulnerabilities in its security bulletin on Monday.
Tags:  ARM, Mali, vulnerabilities
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment