Latest Cyber Security News

You are here: Home / General Cyber Security News / Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
June 11, 2024

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it reported has been actively exploited in the wild.

Tracked as CVE-2024-4610, the use-after-absolutely free issue impacts the pursuing products –

  • Bifrost GPU Kernel Driver (all variations from r34p0 to r40p0)
  • Valhall GPU Kernel Driver (all versions from r34p0 to r40p0)

“A neighborhood non-privileged person can make inappropriate GPU memory processing operations to get entry to now freed memory,” the corporation stated in an advisory previous 7 days.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Cybersecurity

The vulnerability has been tackled in Bifrost and Valhall GPU Kernel Driver r41p0. It is really worth noting that this model was released in November, 2022. The present-day edition of the drivers is r49p0, which was shipped in April 2024.

The Hacker News has attained out to Arm to make clear no matter whether this was an aged security flaw which is now currently being assigned a new CVE identifier or if it was freshly identified, and will update the tale if we listen to again.

The British semiconductor business more acknowledged reviews of the shortcoming getting exploited in actual-earth attacks, but did not disclose any added particulars to protect against even further abuse.

That stated, formerly disclosed zero-day flaws in Arm Mali GPU – CVE-2022-38181 and CVE-2023-4211 – have been weaponized by industrial adware distributors for very specific attacks aimed at Android units, with the exploitation of the latter connected to an Italian corporation named Cy4Gate.

People of afflicted goods are recommended to update to the appropriate model to protected in opposition to prospective threats.

Found this post intriguing? Follow us on Twitter  and LinkedIn to go through much more distinctive articles we write-up.


Some parts of this short article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *