Arm warns of actively exploited flaw in Mali GPU kernel drivers

Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild.

The security issue is tracked as CVE-2024-4610 and is a use-after-free (UAF) vulnerability that impacts all versions of Bifrost and Valhall drivers from r34p0 through r40p0.

UAF flaws occur when a program continues to use a pointer to a memory location after it has been freed. These bugs can lead to information disclosure and arbitrary code execution.

“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” Arm explains.

The company also said that it is “aware of reports of this vulnerability being exploited in the wild. Users are recommended to upgrade if they are impacted by this issue.”

The chip maker fixed the vulnerability in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, which was released on November 24, 2022. Currently, the latest version of the drivers is r49p0.

BleepingComputer has reached out to Arm to clarify the recent identifier for a vulnerability that was fixed in 2022. One explanation could be that the issue was patched without intention and was discovered because of the attacks.

Due to the complexity of the supply chain on Android, many end users may get patched drivers with significant delays.

Once Arm releases a security update, device manufacturers need to integrate it into their firmware, and in many cases carriers also need to approve it. Depending on the model of the phone, some makers may choose to focus on newer devices and discontinue support for older ones.

Bifrost-based Mali GPUs are used in smartphones/tablets (G31, G51, G52, G71, and G76), single-board computers, Chromebooks, and various embedded systems.

Valhall GPUs are present in high-end smartphones/tablets with chips such as the Mali G57 and G77, automotive infotainment systems, and high-performance smart TVs.

It is important to note that some of the impacted devices may not be supported with security updates.
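For fleet triage, the affected range and fixed release given above can be turned into a version check. The following is an added example, not code from Arm or from the original article; it assumes driver versions are recorded as `rNpM` strings (optionally with a build suffix), and the inventory and device names are constructed sample data.

```python
import re
from typing import Dict, List, NamedTuple, Optional

class MaliVersion(NamedTuple):
    release: int  # the N in rNpM
    patch: int    # the M in rNpM

# Bounds taken from the article: affected r34p0 through r40p0, fixed in r41p0.
FIRST_AFFECTED = MaliVersion(34, 0)
FIRST_FIXED = MaliVersion(41, 0)

# Assumption: the version appears as rNpM somewhere in the recorded string,
# possibly with a prefix or a build suffix (e.g. "r38p1-01eac0").
_VERSION_RE = re.compile(r"(?<![A-Za-z0-9])r(\d+)p(\d+)", re.IGNORECASE)

def parse_version(text: str) -> Optional[MaliVersion]:
    m = _VERSION_RE.search(text)
    return MaliVersion(int(m.group(1)), int(m.group(2))) if m else None

def classify(text: str) -> str:
    v = parse_version(text)
    if v is None:
        return "unknown"      # unparseable: needs manual review
    if v < FIRST_AFFECTED:
        return "not-listed"   # older than the range the article gives
    if v < FIRST_FIXED:
        # Conservative: any r40pM patch level is treated as affected,
        # because r41p0 is the first release named as fixed.
        return "affected"
    return "fixed"

def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = {
        "affected": [], "fixed": [], "not-listed": [], "unknown": []}
    for device, version in sorted(inventory.items()):
        buckets[classify(version)].append(device)
    return buckets

# Constructed sample inventory: device name -> recorded driver version.
SAMPLE_INVENTORY = {
    "tablet-01": "r38p1-01eac0", "phone-07": "r41p0", "sbc-lab": "r32p1",
    "tv-12": "r40p0", "kiosk-3": "unknown build", "phone-09": "r49p0",
}

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(devices) or '-'}")
```

Devices in the `unknown` bucket should be checked by hand rather than assumed safe.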
