ARM warns Mali GPUs are being attacked — so patch now

x
(Image credit: Shutterstock)

A vulnerability in ARM Bifrost and Valhall GPU kernel drivers is being exploited in the wild, the company is warning. 

The vulnerability is two years old, and was patched in late 2022, but with the recent surge in abuse, ARM is urging its users to apply the patch immediately.

According to a security bulletin released, the vulnerability, tracked as CVE2024-4610, is described as a use-after-free (UAF) and affects Bifrost and Valhall drivers versions r34p0 to r40p0. A use-after-free vulnerability is a type of security flaw that occurs when a program continues to use a pointer to a memory location after it has been freed. In programming, when an object is no longer needed, its memory is typically deallocated (freed) so it can be reused. If the program doesn't properly update or clear pointers to that memory, it might attempt to access or modify it after it has been freed.

Timing the patch

According to BleepingComputer, such a flaw can be used to steal sensitive data from vulnerable devices, or even mount arbitrary code execution attacks.

If you are confused how a two-year-old flaw can have a 2024 label, you’re not the only one. BleepingComputer also reached out to ARM, asking for an explanation, and suggesting the company may have patched the flaw unintentionally, and only discovered it now when hackers started exploiting it.

At press time, ARM has still not made it to Windows PCs in significant volumes, so the vulnerability mostly affects Android devices. With the Android ecosystem being as fragmented as it is, devices from different manufacturers might get patched at different times. 

Furthermore, with the vulnerability basically being two years old, there are chances that some devices might not get patched at all. Users are advised to check with their device manufacturers for more details.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Digital image of a lock.
Fortinet flags some worrying security bugs coming back from the dead
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
AMD logo
AMD patches high severity security flaw affecting Zen chips
Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments