In a recent revelation, Arm, the leading semiconductor and software design company, has issued a warning about active ongoing attacks targeting vulnerabilities in the device drivers for its Mali line of GPUs. These GPUs are extensively used across a range of devices, including Google Pixels, Android handsets, Chromebooks, and various Linux-based hardware.
Key Highlights:
- Active attacks are targeting a vulnerability in Mali GPU device drivers.
- The vulnerability allows unauthorized access to already freed memory.
- Devices affected include Google Pixel 7, Samsung S20, S21, and many others.
- Google has already patched Pixels and Chromebooks against this vulnerability.
- Arm has credited the discovery of the active exploitations to Maddie Stone from Google’s Project Zero team.
The vulnerability in question allows a local non-privileged user to perform improper GPU memory processing operations, which can potentially grant them access to memory that’s no longer in use. This kind of access can be a gateway for attackers to load malicious code into a system, which can then be executed. Such execution can lead to the exploitation of other system vulnerabilities or the installation of malicious payloads, which can spy on the device user.
One of the primary ways attackers gain local access to a device is by deceiving users into downloading malicious applications from unofficial sources or repositories. While the advisory from Arm does mention the vulnerability in the drivers for the GPUs, it doesn’t touch upon the microcode that operates inside the chips.
The most affected platform by this vulnerability is Google’s Pixel line. Fortunately, Google has been proactive in addressing this issue. The tech giant has already released patches for its Pixel devices in its September update against this vulnerability, which is identified as CVE-2023-4211. Furthermore, Google has also released patches for Chromebooks that utilize the vulnerable GPUs. Devices that have been patched will display a driver version of either r44p1 or r45p0.
The vulnerability, CVE-2023-4211, is found in a variety of Arm GPUs that have been released over the past ten years. Some of the notable devices that house these chips include Google Pixel 7, Samsung S20, S21, Motorola Edge 40, OnePlus Nord 2, and many more.
It’s worth noting that Arm’s advisory also disclosed two other vulnerabilities, CVE-2023-33200 and CVE-2023-34970. Both these vulnerabilities can be exploited by a non-privileged user to access already freed memory. The commonality among all these vulnerabilities is that they can be exploited by an attacker with local access to the device.
In Conclusion: The recent vulnerabilities discovered in Arm’s Mali GPU drivers underscore the importance of timely security updates and the potential risks associated with downloading applications from unofficial sources. Users are advised to regularly update their devices and exercise caution when installing new applications. The proactive response from companies like Google in patching these vulnerabilities is commendable, but the onus is also on users to ensure their devices are secure.
