CVE-2023-4211: ARM Mali GPU Zero-Day Security Vulnerability

In the ever-evolving landscape of cybersecurity, vulnerabilities remain a perpetual concern. Recently, the spotlight has turned to Arm Mali GPUs, revealing a series of security flaws that could potentially impact a significant number of devices worldwide.

1. CVE-2023-4211: An issue lies within the Mali GPU Kernel Driver that allows improper GPU memory processing operations. What does this mean in layman’s terms? A non-privileged local user could manipulate GPU memory processing operations to access previously freed memory. Alarming indeed.

Affected Drivers:

• Midgard GPU Kernel Driver: r12p0 to r32p0
• Bifrost GPU Kernel Driver: r0p0 to r42p0
• Valhall GPU Kernel Driver: r19p0 to r42p0
• Arm 5th Gen GPU Architecture Kernel Driver: r41p0 to r42p0

It’s essential to note that there’s tangible evidence pointing to targeted exploitation of this vulnerability. “There is evidence that this vulnerability may be under limited, targeted exploitation,” ARM wrote.

For those using impacted drivers, an immediate upgrade is advised. Special thanks go to security researchers Maddie Stone of Google’s Threat Analysis Group and Jann Horn of Google Project Zero for flagging this issue.

2. CVE-2023-33200: Here, another flaw in the Mali GPU Kernel Driver comes to light, this time allowing improper GPU processing operations to exploit a software race condition. In essence, if a user cautiously prepares the system’s memory, it grants access to previously released memory.

Affected Drivers:

• Bifrost GPU Kernel Driver: r17p0 to r44p0
• Valhall GPU Kernel Driver: r19p0 to r44p0
• Arm 5th Gen GPU Architecture Kernel Driver: r41p0 to r44p0

3. CVE-2023-34970: Yet another vulnerability has been identified in the Mali GPU Kernel Driver, giving non-privileged local users access to a limited amount outside of buffer bounds or an opportunity to exploit a software race condition.

Affected Drivers:

• Valhall GPU Kernel Driver: r44p0
• Arm 5th Gen GPU Architecture Kernel Driver: r44p0

These vulnerabilities aren’t isolated incidents; they represent potential threats to a significant chunk of the digital landscape. Mali GPU drivers power system-on-a-chip circuits from vendors such as MediaTek, HiSilicon Kirin, and Exynos. These, in turn, are at the heart of most Android devices in circulation.

As of now, Arm’s fix for CVE-2023-4211 has been incorporated into Android and Pixel devices. Google swiftly reacted, releasing the patch for its Pixel devices on September 18. Android’s expansive ecosystem will be expected to adopt this patch to adhere to upcoming security patch level (SPL) requisites.

The discovery of these vulnerabilities underscores the perennial challenge faced by the tech community: bridging patch gaps. These gaps have the potential to expose millions of devices simultaneously, increasing the risks posed by malicious actors.

As consumers, it’s crucial to stay informed, and as manufacturers and developers, the task remains clear: continuously refine, patch, and protect.