"Arm Warns of Exploited Kernel Driver Vulnerability"

British semiconductor giant Arm has recently warned customers about a memory safety bug in Mali GPU kernel drivers that has been exploited in the wild.  The vulnerability is tracked as CVE-2024-4610 and is a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations.  The company noted that successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory.  According to Arm, CVE-2024-4610 impacts the Bifrost and Valhall GPU kernel drivers.  The bug was introduced in driver version r34p0 and was addressed with the release of Bifrost and Valhall driver version r41p0 in November 2022.  In its advisory, the company did not share details on the observed exploitation but urged users to update their devices as soon as possible. Arm’s Mali GPUs are used in millions of devices, including smartphones, tablets, smart TVs, and various types of embedded systems.
 

SecurityWeek reports: "Arm Warns of Exploited Kernel Driver Vulnerability"