

Severity
High
Analysis Summary
Arm has warned of a security flaw in the Mali GPU Kernel Driver that has been actively exploited in the wild. The use-after-free issue, tracked as CVE-2024-4610, affects the Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and the Valhall GPU Kernel Driver (all versions from r34p0 to r40p0).
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. The vulnerability is fixed in the Bifrost and Valhall GPU Kernel Driver r41p0. Note that this version was released in November 2022; the current driver version is r49p0, which shipped in April 2024.
The British semiconductor manufacturer also confirmed that it had received reports of the vulnerability being exploited in real-world attacks, but it withheld further details to prevent further misuse. Previously disclosed Arm Mali GPU zero-day vulnerabilities, CVE-2022-38181 and CVE-2023-4211, have been weaponized by commercial spyware vendors in highly targeted attacks against Android smartphones; exploitation of the latter has been linked to an Italian company named Cy4Gate.
Because of the complexity of the Android supply chain, patched drivers may reach many end users significantly later. Users of affected products are advised to update to the latest version to protect against potential threats. Note that security updates might not be available for some of the affected devices.
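The version ranges above can be applied to an asset inventory to find devices still on an affected driver. The following is an added example, not code from Arm or from this advisory; the inventory records, asset names and the `asset,family,version` layout are constructed for illustration.

```python
import re

# Ranges as stated in the advisory: Bifrost and Valhall kernel drivers
# r34p0 through r40p0 are affected; r41p0 carries the fix.
AFFECTED_FAMILIES = {"bifrost", "valhall"}
FIRST_AFFECTED, FIRST_FIXED = (34, 0), (41, 0)
# Release strings look like r40p0; a trailing build suffix is tolerated.
RELEASE_RE = re.compile(r"(?<![A-Za-z0-9])r(\d+)p(\d+)", re.IGNORECASE)

def parse_release(text):
    """Return (release, patch) from a string such as 'r40p0', else None."""
    m = RELEASE_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(family, driver_version):
    """Classify one driver against the CVE-2024-4610 ranges above."""
    if family.strip().lower() not in AFFECTED_FAMILIES:
        return "not-listed"
    release = parse_release(driver_version)
    if release is None:
        return "unknown"  # unparseable version: review by hand
    if release < FIRST_AFFECTED:
        return "below-listed-range"
    # Assumption: any release under r41p0 (e.g. an r40p1) counts as affected.
    return "affected" if release < FIRST_FIXED else "fixed"

# Constructed inventory: asset names and versions are made up.
INVENTORY = """\
tablet-01,Valhall,r38p1
phone-07,Bifrost,r40p0-01eac0
kiosk-03,Bifrost,r41p0
phone-12,Valhall,r49p0
scanner-02,Midgard,r26p0
phone-20,Valhall,r33p0
panel-05,Bifrost,n/a
"""

def triage(inventory_csv):
    """Map each asset name to its classification."""
    results = {}
    for line in inventory_csv.splitlines():
        if line.strip():
            asset, family, version = (f.strip() for f in line.split(",", 2))
            results[asset] = classify(family, version)
    return results

if __name__ == "__main__":
    for asset, status in triage(INVENTORY).items():
        print(f"{asset:12} {status}")
```

Assets reported as `unknown` or `not-listed` are outside what this advisory states and need a separate check against the vendor's own bulletin.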
Impact
- Unauthorized Access
- Exposure of Sensitive Data
Indicators of Compromise
CVE
- CVE-2024-4610
Affected Vendors
Remediation
- Refer to the Arm Website for patch, upgrade, or suggested workaround information.
- Organizations must test their assets for the vulnerability mentioned above and apply the available security patch or mitigation steps as soon as possible.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.