Arm warns of actively exploited Mali GPU zero-day

 


British semiconductor and software design company Arm has patched a high-severity vulnerability in the Arm Mali GPU Kernel driver said to have been exploited in the wild.

The flaw, tracked as CVE-2024-4610, is a use-after-free issue that can be abused by a local user for code execution with elevated privileges. It affects all versions of the Bifrost GPU Kernel Driver from r34p0 to r40p0 and all versions of the Valhall GPU Kernel Driver from r34p0 to r40p0.

The vulnerability was addressed with the release of Bifrost and Valhall GPU Kernel Driver r41p0.

Arm said it “is aware of reports of this vulnerability being exploited in the wild,” but didn’t provide any details regarding the nature of the exploitation.

Last year, Google revealed that another Mali GPU privilege escalation vulnerability (CVE-2022-22706) was exploited as part of an exploit chain targeting Samsung Internet Browser. The exploits were delivered in one-time links sent via SMS to devices located in the United Arab Emirates (UAE).

Furthermore, in October 2023, Arm patched yet another security flaw in Mali GPU (CVE-2023-4211) exploited by commercial spyware to compromise some users’ devices.

