[CDP-development] TLP:GREEN (Vulnerability Alert Notification) CVE-2023-4211: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

[CSS Security Operations Services * DAS]

Good afternoon,

The SOC Services team is reporting on the vulnerability CVE-2023-4211: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability. Due to its high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On October 2, 2023 Arm released a security notification that CVE-2023-4211 may be under limited, targeted exploitation. On October 3, 2023, CISA added CVE-2023-4211 to the known exploited vulnerabilities catalog.

The following products are affected:

  *   Midgard GPU Kernel Driver: All versions from r12p0 - r32p0
  *   Bifrost GPU Kernel Driver: All versions from r0p0 - r42p0
  *   Valhall GPU Kernel Driver: All versions from r19p0 - r42p0
  *   Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 - r42p0
Fixed Versions:

  *   Bifrost GPU Kernel Driver: r43p0
  *   Valhall GPU Kernel Driver: r43p0
  *   Arm 5th Gen GPU Architecture Kernel Driver: r43p0
No available fix:

  *   Midgard GPU Kernel Driver: Arm is currently asking customers to contact arm support for Midgard GPUs.

Arm has released the following notification about the vulnerability which can be found here: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Intelligence: As of October 3, 2023, the vulnerability has been confirmed as being exploited in the wild.

Workarounds: There are no workarounds for this vulnerability.

How it works: Additional information about how this vulnerability works has not been released at this time.

Post-Exploit: Upon successful exploitation of the vulnerability, A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.

As of October 3, 2023, the following vulnerability plugin has been released and is currently in Tenable Security Center:
Plugin
Title
Severity
182435<https://www.tenable.com/plugins/nessus/182435>
ARM Mali GPU Kernel Driver < r43p0 Improper Memory Access (CVE-2023-4211)
High

Recommended Actions:


  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.











-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20231003/876a8810/attachment-0001.html>