Dangerous vulnerabilities have been found in ARM graphics drivers

Dangerous vulnerabilities have been found in ARM graphics drivers – they affect millions of smartphones and are already being actively exploited by hackers

Arm has announced that vulnerabilities discovered in the drivers for its Mali-series GPUs are being exploited by attackers and affect a wide range of devices, including Google Pixel and other Android smartphones, as well as Chromebooks and other Linux devices.

Image source: Pete Linforth / pixabay.com

“A local unprivileged user could perform an illegal GPU memory operation to gain access to already shared memory. The issue has been fixed for Bifrost, Valhall, and the kernel driver for the 5th generation Arm GPU architecture. There is evidence that the vulnerability can be exploited on a limited scale,” Arm said in its statement. The vulnerability allows an attacker to access shared memory. This is a common mechanism for loading malicious code to exploit other vulnerabilities or install spyware. It’s worth noting that Arm’s announcement refers to drivers, not GPU firmware.

The vulnerability was assigned the number CVE-2023-4211. It affects drivers for the graphics subsystems of the Midgard, Bifrost, Valhall and fifth-generation chip families. The vulnerable smartphones are assumed to include the Google Pixel 7, Samsung Galaxy S20 and S21, Motorola Edge 40, OnePlus Nord 2, ASUS ROG Phone 6, Redmi Note 11 and 12, Honor 70 Pro, Realme GT, Xiaomi 12 Pro, Oppo Find X5 Pro and Reno 8 Pro, as well as a number of phones on MediaTek platforms. With the September update, Google closed the vulnerability for both Pixel devices and Chromebooks – it was fixed with patches from September 1, 2023 and later. Arm has released driver updates for Linux. The developer also mentioned the CVE-2023-33200 and CVE-2023-34970 vulnerabilities, which also allow access to already shared memory.

To exploit any of the three vulnerabilities, an attacker needs local access to the device or has to get the victim to install a malicious application from an unofficial repository themselves. It is not yet known for which platforms or devices the patches have been released, so it is recommended to contact the device manufacturer.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.
