Some top ARM GPUs have a potentially worrying security flaw - here's what you need to know

News
By published

ARM Mali GPU flaw is being used in "targeted" attacks

An ARM-Branded Processor
ARM sold (Image credit: ARM)

Chip manufacturing powerhouse ARM has published a security advisory claiming to have addressed a high-severity vulnerability affecting its popular Mali GPU drivers.

The vulnerability, tracked as CVE-2023-4211, is allegedly being used in “limited, targeted exploitation” attacks, the company added, as an improper access to freed memory, but could also be used to compromise, or manipulate, sensitive data. 

Among possibly vulnerable devices, BleepingComputer also states, are the Samsung Galaxy S20/S20 FE, Xiaomi Redmi K30/K40, Motorola Edge 40, and OnePlus Nord 2.

State-sponsored attackers

Affected driver versions include Midgard GPU kernel driver (all versions from r12p0 to r32p0), Bifrost GPU kernel driver (all versions from r0p0 to r42p0), Valhall GPU kernel driver (all versions from r19p0 to r42p0), and Arm 5th Gen GPU architecture kernel driver (all versions from r41p0 to r42p0).

ARM said it fixed the problem for the Bifrost, Valhall, and Arm 5th Gen GPU architecture in the kernel driver version r43p0, so if you’re worried about being compromised, make sure to bring your endpoints up to date. Midgard, being an older model, is no longer supported, and thus will not be getting a patch. 

While ARM did say that the vulnerability was being used in the wild in “limited, targeted exploitation”, it did not elaborate further. However, we do know that the flaw was discovered by Google’s Threat Analysis Group (TAG), and Project Zero. TAG is known for tracking and analyzing state-sponsored threat actors, which are also known to engage in targeted attacks, rather than casting a wide net. 

Elsewhere in the advisory, ARM detailed a pair of other vulnerabilities - CVE-2023-33200 and CVE-2023-34970, which affect Bifrost, Valhall, and Arm's 5th Gen GPU architecture kernel driver versions up to r44p0. The company recommends users install upgrades r44p1 and r45p0.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
Digital image of a lock.
Nvidia systems could be facing another worrying security flaw
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
AMD logo
AMD patches high severity security flaw affecting Zen chips
vpn
Ivanti warns another critical security flaw is being attacked
AMD Ryzen 5 7600X processor
AMD confirms processor security flaws after Asus patch slips out early
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
More about security
Email

Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication
A hand holding an iPhone with the iCloud logo on screen.

"I have nothing to hide" - our readers react to Apple getting secret hearing in appeal against UK government
diamond gemstone

Diamond set to become mainstream coolant for AI GPU servers as world’s best thermal conductor promises 25% better overclocking, and 'double performance per watt'
See more latest
Most Popular
diamond gemstone
Diamond set to become mainstream coolant for AI GPU servers as world’s best thermal conductor promises 25% better overclocking, and 'double performance per watt'
Zuckerberg Meta AI
Meta powers ahead with conscious chip uncoupling with Nvidia as it tests its first in-house training AI-PU
Email
Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Gachapon Capsure Station
Somewhere in Japan is a dispenser where you can buy toy rack servers complete with cute Dell PowerEdge 2U servers
An angry Mark Grayson flying towards the camera in Invincible season 3 episode 7
Invincible season 4: everything we know so far about the hit Prime Video show's next chapter
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before