Arm Mali GPU Kernel Driver 0-Day Vulnerability Actively Exploited in the Wild

Arm, a leader in semiconductor technology, has disclosed a series of critical security vulnerabilities affecting its Mali GPU Kernel Drivers and firmware.

These vulnerabilities, spanning across multiple GPU architectures, including Bifrost, Valhall, and the Arm 5th Gen GPU Architecture, pose significant security risks to users.

One of the vulnerabilities has reportedly been exploited in the wild, raising the urgency for affected users to update their systems immediately.

SIEM as a Service

The Exploited Vulnerability: CVE-2024-4610

Among the disclosed vulnerabilities, CVE-2024-4610 stands out as having been actively exploited in real-world attacks.

Affecting the Bifrost GPU Kernel Driver (versions r34p0–r40p0) and the Valhall GPU Kernel Driver (versions r34p0–r40p0), the issue allows a local non-privileged attacker to conduct improper GPU memory processing operations.

This, in turn, can provide access to already freed memory, potentially opening pathways to further exploitation.

The vulnerability has been addressed in the updated versions of the drivers (r41p0 and newer), and Arm urges all impacted users to upgrade as soon as possible to minimize their exposure.

“Arm is aware of reports of this vulnerability being exploited in the wild. Users are recommended to upgrade if they are impacted by this issue.” Arm discloused.

Overview of Vulnerabilities

In addition to CVE-2024-4610, Arm has detailed nine other security flaws across various Mali GPU kernel driver and firmware components. These include:

Here’s the table without the “Issued Date” column:

CVE ID(s)DescriptionFixed in Versions
CVE-2025-0015Allows improper GPU processing operationsr49p2, r53p0
CVE-2024-6790Can cause system unresponsiveness via GPU memory opsr49p1, r52p0
CVE-2024-3655, CVE-2024-2937, CVE-2024-4607Improper GPU memory processing operationsr49p1, r50p0
CVE-2024-0153Affects GPU firmware, potentially enabling full system memory accessr47p0
CVE-2024-1395, CVE-2024-1067, CVE-2023-6363Affect GPU kernel drivers, enabling access to freed memoryr48p0

Each of these vulnerabilities permits varied levels of access to sensitive memory regions or system functionalities, posing risks such as system crashes, information disclosure, or privilege escalation.

The vulnerabilities primarily affect systems using Mali GPUs, which are commonly found in consumer devices such as smartphones and tablets. Exploits could potentially be triggered by local non-privileged user processes or via web-based technologies like WebGL or WebGPU.

The most severe issues allow attackers to access already freed memory, manipulate GPU processing operations, or even crash entire systems. One vulnerability (CVE-2024-0153) highlights an alarming scenario where an attacker could access all system memory if carefully prepared operations are executed.

To mitigate these risks, Arm strongly advises users, developers, and device manufacturers to upgrade to the latest driver and firmware versions. Key updates include:

  • Valhall and Arm 5th Gen Drivers: Update to r49p2, r52p0, or later.
  • Bifrost Drivers: Upgrade to r49p1 or newer.
  • Firmware Updates: Move to r47p0 or later for the affected Valhall and Arm 5th Gen GPU firmware.

These updates are critical for mitigating potential attacks, especially for users whose systems might already be targeted in the wild.

The disclosure of these vulnerabilities underscores the importance of vigilance in maintaining up-to-date software and hardware components, especially for widely used GPU architectures like Mali.

Arm’s proactive transparency in addressing these issues allows users to secure their systems against potential exploitation. However, the responsibility to apply these patches in a timely manner lies with end-users and device manufacturers.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Start Now for Free.

Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.