Chipmaker Arm has disclosed three vulnerabilities in the Mali GPU kernel driver. There is evidence that one of them, tracked as CVE-2023-4211, is under active exploitation in the wild.
Mali is a line of graphics processing units (GPU) that runs on a host of devices, including hardware running Linux, Chromebooks, Google Pixels and Android handsets.
“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Arm says in an advisory. “There is evidence that this vulnerability may be under limited, targeted exploitation. Users are recommended to upgrade if they are impacted by this issue,” warns the report.
The company explains that a local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program or cause the execution of malicious code.
“If the system’s memory is carefully prepared by the user,” continues the report, “then this in turn could give them access to already freed memory,” allowing an attacker to inject the system with malicious code, giving them the chance to exploit other vulnerabilities or to install malicious software such as ransomware or spyware.
The most widely deployed platform affected by the vulnerability is Google’s, whose Chromebooks and Android handsets have already received their own patches.
Two other vulnerabilities in the Mali GPU kernel driver were also resolved by Arm. CVE-2023-33200 and CVE-2023-34970 could both allow a local non-privileged user to “exploit a software race condition”, leading to improper access to already freed memory, as above, with the same risks of malicious code injection or data theft.
This is the second near miss the company has experienced this year. In May, Arm’s TrustZone-enabled Cortex-M-based systems were successfully attacked.
In a statement at the time, the organisation said, “The Security Extensions for the Armv8-M architecture do not claim to protect against side-channel attacks due to control flow or memory access patterns. Indeed, such attacks are not specific to the Armv8-M architecture; they may apply to any code with secret-dependent control flow or memory access patterns. Arm works to improve security and enable the ecosystem to build more secure solutions”.