Subj : Some top ARM GPUs have a potentially worrying security flaw - her To : All From : TechnologyDaily Date : Tue Oct 03 2023 18:45:04 Some top ARM GPUs have a potentially worrying security flaw - here's what you need to know Date: Tue, 03 Oct 2023 17:38:27 +0000 Description: The flaw can be used to compromise and manipulate sensitive data, with ARM Mali GPUs most at risk. FULL STORY ====================================================================== Chip manufacturing powerhouse ARM has published a security advisory claiming to have addressed a high-severity vulnerability affecting its popular Mali GPU drivers. The vulnerability, tracked as CVE-2023-4211, is allegedly being used in limited, targeted exploitation attacks, the company added, as an improper access to freed memory, but could also be used to compromise, or manipulate, sensitive data. Among possibly vulnerable devices, BleepingComputer also states, are the Samsung Galaxy S20/S20 FE, Xiaomi Redmi K30/K40, Motorola Edge 40, and OnePlus Nord 2. State-sponsored attackers Affected driver versions include Midgard GPU kernel driver (all versions from r12p0 to r32p0), Bifrost GPU kernel driver (all versions from r0p0 to r42p0), Valhall GPU kernel driver (all versions from r19p0 to r42p0), and Arm 5th Gen GPU architecture kernel driver (all versions from r41p0 to r42p0). ARM said it fixed the problem for the Bifrost, Valhall, and Arm 5th Gen GPU architecture in the kernel driver version r43p0, so if youre worried about being compromised, make sure to bring your endpoints up to date. Midgard, being an older model, is no longer supported, and thus will not be getting a patch. While ARM did say that the vulnerability was being used in the wild in limited, targeted exploitation, it did not elaborate further. However, we do know that the flaw was discovered by Googles Threat Analysis Group (TAG), and Project Zero. TAG is known for tracking and analyzing state-sponsored threat actors, which are also known to engage in targeted attacks, rather than casting a wide net. Elsewhere in the advisory, ARM detailed a pair of other vulnerabilities - CVE-2023-33200 and CVE-2023-34970, which affect Bifrost, Valhall, and Arm's 5th Gen GPU architecture kernel driver versions up to r44p0. The company recommends users install upgrades r44p1 and r45p0. Via BleepingComputer More from TechRadar Pro TransUnion's data stolen in major data breach Here's a list of the best firewalls today These are the best malware removal tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/some-top-arm-gpus-have-a-potentially-wo rrying-security-flaw-heres-what-you-need-to-know --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .