Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it reported has been actively exploited in the wild.
Tracked as CVE-2024-4610, the use-after-absolutely free issue impacts the pursuing products –
- Bifrost GPU Kernel Driver (all variations from r34p0 to r40p0)
- Valhall GPU Kernel Driver (all versions from r34p0 to r40p0)
“A neighborhood non-privileged person can make inappropriate GPU memory processing operations to get entry to now freed memory,” the corporation stated in an advisory previous 7 days.

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The vulnerability has been tackled in Bifrost and Valhall GPU Kernel Driver r41p0. It is really worth noting that this model was released in November, 2022. The present-day edition of the drivers is r49p0, which was shipped in April 2024.
The Hacker News has attained out to Arm to make clear no matter whether this was an aged security flaw which is now currently being assigned a new CVE identifier or if it was freshly identified, and will update the tale if we listen to again.
The British semiconductor business more acknowledged reviews of the shortcoming getting exploited in actual-earth attacks, but did not disclose any added particulars to protect against even further abuse.
That stated, formerly disclosed zero-day flaws in Arm Mali GPU – CVE-2022-38181 and CVE-2023-4211 – have been weaponized by industrial adware distributors for very specific attacks aimed at Android units, with the exploitation of the latter connected to an Italian corporation named Cy4Gate.
People of afflicted goods are recommended to update to the appropriate model to protected in opposition to prospective threats.
Found this post intriguing? Follow us on Twitter and LinkedIn to go through much more distinctive articles we write-up.
Some parts of this short article are sourced from:
thehackernews.com