In a recent development, Arm has issued a warning concerning a security vulnerability within the Mali GPU Kernel Driver. This vulnerability, identified as CVE-2024-4610, has been actively exploited in real-world scenarios, posing potential risks to users’ devices.
The impacted products include the Bifrost GPU Kernel Driver (versions ranging from r34p0 to r40p0) and the Valhall GPU Kernel Driver (versions ranging from r34p0 to r40p0). Arm highlights that a local non-privileged user could exploit this flaw by manipulating GPU memory processing operations, thereby gaining unauthorized access to freed memory.
However, there’s good news amidst this discovery. Arm has swiftly responded to the situation by releasing an update in the form of Bifrost and Valhall GPU Kernel Driver version r41p0. While this update was initially rolled out in November 2022, it remains crucial for users to ensure they are operating on the latest version of the drivers, which currently stands at r49p0, released in April 2024.
Upon reaching out to Arm for further clarification on the nature of the vulnerability, particularly whether it’s a previously known issue under a new CVE identifier or a novel discovery, The Hacker News awaits a response and pledges to keep readers informed with any updates on the matter.
While Arm refrains from divulging specific details to mitigate further exploitation, it acknowledges the existence of reports indicating active attacks leveraging this vulnerability. This caution underscores the importance of promptly addressing such security concerns and underscores the company’s commitment to safeguarding user devices.
Interestingly, this isn’t the first time vulnerabilities in Arm Mali GPU drivers have made headlines. Previous instances such as CVE-2022-38181 and CVE-2023-4211 have been exploited by malicious actors, particularly by commercial spyware vendors targeting Android devices. Notably, the exploitation of CVE-2023-4211 was traced back to an Italian company named Cy4Gate, shedding light on the evolving landscape of cyber threats and the need for robust security measures.
In light of these developments, users of affected products are strongly advised to update to the latest available version of the drivers. By doing so, they can fortify their devices against potential threats and mitigate the risk of falling victim to exploitation.
Arm’s proactive approach in addressing security vulnerabilities underscores its dedication to ensuring the integrity and security of its products. As threats continue to evolve, such swift responses are essential in safeguarding users’ digital experiences and maintaining trust in the ecosystem.
In conclusion, while the discovery of security vulnerabilities may raise concerns, timely actions taken by industry leaders like Arm serve as a beacon of assurance, empowering users to navigate the digital landscape with confidence and peace of mind. Stay tuned for further updates on this evolving story as the cybersecurity community continues its efforts to combat emerging threats and bolster defenses against exploitation.
Follow us on 
(Twitter) for real time updates and exclusive content.
Interesting Article : “Passwords” Coming Soon: Apple to Launch New Password Manager App (WWDC-2024)
Pingback: Microsoft's Latest Patch Tuesday June 2024: Patch for MSMQ Vulnerability (CVE-2024-30080) included
Pingback: Google Warns for Pixel Firmware Zero-Day Vulnerability: CVE-2024-32896