Multiple Security Vulnerabilities in Arm’s Mali GPU Driver Patched
Mali GPU drivers are widely utilized in various devices to provide optimal graphics performance. However, recent discoveries of critical security vulnerabilities have highlighted the need for users to upgrade their drivers to ensure a secure graphics processing environment.
Open Grid Scheduler / Grid Engine, CC0, via Wikimedia Commons
CVE-2022-46396 and CVE-2022-46781: Improper GPU Memory Processing Operations
Affecting both Valhall GPU Kernel Drivers (versions r29p0 – r41p0) and Avalon GPU Kernel Driver (version r41p0), these vulnerabilities allow a non-privileged user to perform improper GPU memory processing operations, granting access to a limited amount outside of buffer bounds.
Resolution: Both issues have been fixed in Valhall and Avalon GPU Kernel Driver r42p0. Users are urged to upgrade their drivers if impacted by these vulnerabilities.
CVE-2023-22808: Arm Reference Gralloc Buffer Over-Read
This vulnerability impacts the Avalon, Valhall, and Bifrost Android Gralloc Modules in various versions (r24p0 – r41p0). It allows a non-privileged user to read a small portion of the allocator process memory, posing a security risk.
Resolution: The issue has been resolved in Android Gralloc Module version r42p0. Users affected by this vulnerability should upgrade to the fixed version.
CVE-2023-26083: Sensitive Kernel Metadata Exposure
Affecting Midgard GPU Kernel Drivers (versions r6p0 – r32p0), Bifrost GPU Kernel Drivers (versions r0p0 – r42p0), Valhall GPU Kernel Drivers (versions r19p0 – r42p0), and Avalon GPU Kernel Drivers (versions r41p0 – r42p0), this vulnerability allows a non-privileged user to perform valid GPU processing operations that expose sensitive kernel metadata.
Resolution: The issue has been fixed in Bifrost, Valhall, and Avalon GPU Kernel Driver r43p0. Users are recommended to upgrade their drivers to address this vulnerability. For Midgard GPUs, users are advised to contact Arm support.
Clément Lecigne of Google’s Threat Analysis Group is credited for reporting CVE-2023-26083, which has evidence of limited, targeted exploitation.
Conclusion
The discovery of these security vulnerabilities emphasizes the importance of maintaining up-to-date GPU drivers to ensure a secure graphics processing environment. Users are strongly encouraged to upgrade their Mali GPU driver to the latest fixed versions to mitigate the risks associated with these vulnerabilities.
