Arm is warning of a safety vulnerability impacting Mali GPU Kernel Driver that it mentioned has been actively exploited within the wild.
Tracked as CVE-2024-4610, the use-after-free difficulty impacts the next merchandise –
“A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory,” the corporate mentioned in an advisory final week.
The vulnerability has been addressed in Bifrost and Valhall GPU Kernel Driver r41p0. It is price noting that this model was launched on November 24, 2022. The present model of the drivers is r49p0, which was shipped in April 2024.
The Hacker Information has reached out to Arm to make clear whether or not this was an previous safety flaw that is now being assigned a brand new CVE identifier or if it was newly found, and can replace the story if we hear again.
The British semiconductor firm additional acknowledged reviews of the shortcoming being exploited in real-world assaults, however didn’t disclose any extra specifics to forestall additional abuse.
That mentioned, beforehand disclosed zero-day flaws in Arm Mali GPU – CVE-2022-22706, CVE-2022-38181 and CVE-2023-4211 – have been weaponized by industrial spy ware distributors for extremely focused assaults geared toward Android units, with the exploitation of the latter linked to an Italian firm named Cy4Gate.
Customers of affected merchandise are really useful to replace to the suitable model to safe towards potential threats.
