Arm Patches Major Vulnerabilities in Android Device GPU Drivers

On Tuesday, Arm, the British multinational semiconductor and software design company, confirmed and addressed several vulnerabilities in the kernel drivers of Mali GPUs utilized in Android devices from major manufacturers. These issues were detected in the Midgard, Bifrost, Valhall GPU kernel drivers, and Arm’s 5th Gen GPU Architecture Kernel Driver.

The most critical vulnerability (CVE-2023-4211), reported by Google’s Maddie Stone and Jann Horn, is believed to have been exploited in targeted attacks possibly carried out by state-sponsored actors. This flaw impacts devices such as the Samsung Galaxy S20/S20 FE, Xiaomi Redmi K30/K40, Motorola Edge 40, and OnePlus Nord 2. The affected driver versions include Midgard (r12p0 to r32p0), Bifrost (r0p0 to r42p0), Valhall (r19p0 to r42p0), and 5th Gen (r41p0 to r42p0). Arm has released a patch (version r43p0) for the Bifrost, Valhall, and 5th Gen drivers.

In addition to CVE-2023-4211, Arm has resolved two other vulnerabilities (CVE-2022-22706, CVE-2023-26083) that were exploited by Variston. The company also provided fixes for two further vulnerabilities (CVE-2023-33200, CVE-2023-34970) highlighted in the October 2023 Android Security Bulletin. Upgrades r44p1 and r45p0 are recommended for these issues.

These patches are crucial for maintaining the security of Android devices worldwide. Arm’s prompt action in addressing these vulnerabilities reflects the company’s dedication to combating cybersecurity threats effectively.

This article was generated with the support of AI and reviewed by an editor.