3 vulnerabilities were detected in ARM GPU drivers 


If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems

Last week, ARM disclosed three vulnerabilities in its GPU drivers, which are used on Android, ChromeOS and Linux systems. The vulnerabilities allow an unprivileged local user to execute code with kernel privileges.

Meanwhile, Google has addressed part of these security problems in Android and mentions that attackers have already been exploiting one of the vulnerabilities (CVE-2023-4211) in working exploits to carry out targeted zero-day attacks. For example, the vulnerability can be used in malicious applications distributed through dubious sources to gain full access to the system and install components that spy on the user.

The first of the vulnerabilities, already mentioned above, is CVE-2023-4211. It arises from improper GPU memory operations, which can result in access to already freed system memory that may be in use by other tasks running in the kernel. The vulnerable GPU models are used in the Google Pixel 7, Samsung S20 and S21, Motorola Edge 40, OnePlus Nord 2, Asus ROG Phone 6, Redmi Note 11 and 12, Honor 70 Pro, RealMe GT, Xiaomi 12 Pro, Oppo Find X5 Pro and Reno 8 Pro smartphones, and in some devices with MediaTek chips.

The severity assessment is based on the effect that exploiting the vulnerability could have on an affected device, assuming platform and service mitigations are disabled for development purposes or are successfully bypassed.

The fix for this vulnerability was distributed in the r43p0 driver update for Mali GPUs based on the Bifrost and Valhall microarchitectures, as well as for fifth-generation ARM GPUs. No driver updates have been released for Midgard family GPUs. The fix is also offered as part of the September updates for all currently supported branches of Chrome OS and in the October Android update.

The second vulnerability is CVE-2023-33200. It arises from improper GPU operations that can cause a race condition and access to memory that has already been freed by the driver. The vulnerability was fixed in driver updates r44p1 and r45p0 for Mali GPUs based on the Bifrost and Valhall microarchitectures, as well as fifth-generation ARM GPUs.

The last of the three vulnerabilities is CVE-2023-34970. It arises from improper GPU operations that can cause a buffer overflow and out-of-bounds memory access. The vulnerability was fixed in driver updates r44p1 and r45p0 for Mali GPUs based on the Valhall microarchitecture and fifth-generation ARM GPUs.
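The fix releases listed above can be turned into a simple fleet triage check. The following is an added example, not code from ARM, Google or the original article; the family labels, status strings and inventory rows are constructed, and it assumes that driver releases newer than a fix release keep the fix.

```python
import re

# Fix releases as reported in the article, per CVE and GPU family.
# None means the article says no driver update was released for that family.
# Family keys are labels chosen for this example.
R43P0, R44_R45 = [(43, 0)], [(44, 1), (45, 0)]
FIXES = {
    "CVE-2023-4211": {"bifrost": R43P0, "valhall": R43P0,
                      "5th-gen": R43P0, "midgard": None},
    "CVE-2023-33200": {"bifrost": R44_R45, "valhall": R44_R45, "5th-gen": R44_R45},
    "CVE-2023-34970": {"valhall": R44_R45, "5th-gen": R44_R45},
}

def parse_version(text):
    """Parse 'r44p1' (a trailing build suffix is tolerated) into (44, 1)."""
    m = re.match(r"r(\d+)p(\d+)", text.strip().lower())
    if not m:
        raise ValueError(f"not a Mali driver version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def has_fix(version, fix_releases):
    """True if the version is at or after a fix release on its own branch,
    or on a branch newer than every fix release (assumed to keep the fix)."""
    r, p = parse_version(version)
    for fix_r, fix_p in fix_releases:
        if r == fix_r:
            return p >= fix_p
    return r > max(fix_r for fix_r, _ in fix_releases)

def triage(family, version):
    """Return {cve: status} for one device's GPU family and driver version."""
    fam = family.strip().lower()
    status = {}
    for cve, per_family in FIXES.items():
        if fam not in per_family:
            status[cve] = "family not listed"
        elif per_family[fam] is None:
            status[cve] = "no fix released"
        elif has_fix(version, per_family[fam]):
            status[cve] = "fix included"
        else:
            status[cve] = "fix missing"
    return status

if __name__ == "__main__":
    # Constructed inventory rows: (device label, GPU family, driver version).
    inventory = [("phone-a", "Valhall", "r44p0"), ("tablet-b", "Bifrost", "r44p1"),
                 ("kiosk-c", "Midgard", "r32p0")]
    for device, family, version in inventory:
        print(device, family, version, triage(family, version))
```

A "family not listed" result only means the article names no fix release for that family and CVE; it does not say whether the family is affected.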

Last but not least, as mentioned above, Google also published information about various vulnerabilities in its October report. It lists 53 vulnerabilities, of which 5 were assigned a critical danger level and the rest a high danger level. The critical issues allow an attacker to launch a remote attack and execute code on the system.

The issues marked as dangerous allow code to be executed in the context of a privileged process by manipulating local applications. Three critical issues (CVE-2023-24855, CVE-2023-28540, and CVE-2023-33028) were identified in proprietary Qualcomm components and two (CVE-2023-40129, CVE-2023-4863) in the system (in libwebp and the Bluetooth stack).

In total, 5 vulnerabilities were identified in ARM, MediaTek, Unisoc and Qualcomm components, and it is worth mentioning that attackers are already using two vulnerabilities (one in ARM GPUs and another in libwebp) in their zero-day exploits.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

