An unidentified vendor of spyware has been discovered exploiting a vulnerability in GPU kernel drivers developed by Arm, a leading semiconductor and software giant. According to a statement provided by Google to TechTarget Editorial, the flaw, tracked as CVE-2023-4211, affects kernel drivers for Arm's popular Mali GPU series, which is commonly found in Android devices and used in various technology sectors. Arm has issued an advisory stating that a local, non-privileged user exploiting the vulnerability can gain access to already freed memory by performing erroneous GPU memory processing operations.
Arm has acknowledged that there is evidence to suggest that this vulnerability may be under limited, targeted exploitation. The discovery of the vulnerability is credited to Maddie Stone, a security researcher at Google's Threat Analysis Group (TAG), and Jann Horn, a security researcher at Google Project Zero. While Arm disclosed CVE-2023-4211 on Monday, Google initially mentioned the vulnerability in an August blog post about a Chrome release. Google has already released a patch for its Pixel devices, which feature Arm Mali GPUs, in order to mitigate the risk. Additional technical details regarding the vulnerability will be shared by Google in accordance with its vulnerability disclosure policy at a later date.
A spokesperson for Google TAG confirmed that this CVE was used by a commercial surveillance vendor in the wild. The term “surveillance vendor” is used by Google to refer to vendors that sell spyware, such as the NSO Group and Intellexa. More information regarding the timeline of the flaw’s discovery and the identity of the spyware vendor is being sought from Arm.
The flaw impacts several GPU kernel drivers, including all versions of Midgard GPU kernel drivers from r12p0 to r32p0, all Bifrost GPU kernel driver versions from r0p0 to r42p0, all Valhall GPU kernel driver versions from r19p0 to r42p0, and all versions of Arm’s 5th Gen GPU Architecture kernel driver from r41p0 to r42p0.
As of now, CVE-2023-4211 has not been assigned a CVSS severity rating. Arm advises affected users to upgrade to a fixed version of the GPU kernel driver, namely r43p0 of the Bifrost, Valhall, and Arm 5th Gen GPU Architecture kernel drivers. For Midgard GPUs, users are instructed to contact Arm support for further assistance.
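The affected ranges and fix guidance above can be turned into a triage check over a device inventory. The following is an added example, not code from Arm or Google; the function names, the family keys and the sample inventory are assumptions, and versions are compared exactly as (release, patch) pairs against the listed endpoints.

```python
import re

# Affected ranges as listed in the article (inclusive), keyed by driver family.
# The lowercase family keys are this example's own labels.
AFFECTED = {
    "midgard": ((12, 0), (32, 0)),
    "bifrost": ((0, 0), (42, 0)),
    "valhall": ((19, 0), (42, 0)),
    "5th gen": ((41, 0), (42, 0)),
}
# Families for which the article names r43p0 as the fixed release.
FIXED_R43P0 = {"bifrost", "valhall", "5th gen"}

_VERSION = re.compile(r"^r(\d+)p(\d+)$", re.IGNORECASE)

def parse_version(text):
    """Turn 'r42p0' into (42, 0); raise ValueError on anything else."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"not an rNpM driver version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def assess(family, version):
    """Return (status, advice) for one driver family/version pair."""
    fam = family.strip().lower()
    if fam not in AFFECTED:
        return "unknown", "family not covered by the advisory ranges"
    low, high = AFFECTED[fam]
    # Tuple comparison orders by release number first, then patch number.
    if not (low <= parse_version(version) <= high):
        return "not-listed", "version is outside the listed affected range"
    if fam in FIXED_R43P0:
        return "affected", "upgrade to r43p0"
    return "affected", "contact Arm support"

# Constructed sample inventory (not real device data).
SAMPLE = [("Valhall", "r38p1"), ("Bifrost", "r43p0"),
          ("Midgard", "r26p0"), ("Valhall", "r18p0")]

def report(inventory):
    """Assess every (family, version) pair and return flat result rows."""
    return [(f, v, *assess(f, v)) for f, v in inventory]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print("{:8} {:6} {:11} {}".format(*row))
```

A "not-listed" result only means the version falls outside the ranges quoted above; it is not a statement that the build carries the fix.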
In conclusion, an unnamed spyware vendor is taking advantage of a vulnerability in Arm’s GPU kernel drivers, posing a risk to Android devices and various technology sectors. Arm and Google are actively addressing the issue by releasing patches and offering support to affected users. It is crucial for users to update their GPU drivers to the fixed version to mitigate the potential risks associated with this vulnerability.

