Arm Discloses Critical Vulnerabilities in Mali GPU Drivers, Actively Exploited in the Wild

Arm Discovers Critical Security Flaws in Mali GPU Kernel Driver, Exploited in the Wild

Arm has recently disclosed several severe security vulnerabilities within its Mali GPU Kernel Drivers and firmware. These flaws span across multiple GPU architectures, including Midgard, Bifrost, Valhall, and the 5th Gen Arm GPU Architecture. The vulnerabilities are notably concerning, as some have already been actively exploited in the wild, putting systems and user data at significant risk.

Key Vulnerabilities and Their Risks

1. CVE-2025-0015
   This critical vulnerability affects Valhall and 5th Gen GPU Kernel Drivers (versions r48p0–r52p0). It allows improper GPU processing operations, enabling attackers to access already freed memory. Such an issue can be exploited by local, non-privileged users to gain unauthorized access, posing risks such as system crashes or further exploitation.

2. CVE-2024-6790
   Impacting Bifrost, Valhall, and 5th Gen GPU Kernel Drivers (r44p1, r46p0 to r49p0, r50p0 to r51p0), this flaw can cause system unresponsiveness when invalid memory operations are executed through web-based technologies such as WebGL or WebGPU. If exploited, it can leave the system unresponsive, potentially causing a crash.

3. CVE-2024-3655, CVE-2024-2937, CVE-2024-4607
   These vulnerabilities involve improper GPU memory handling, affecting versions r49p1, r50p0, and others. Attackers could exploit race conditions or out-of-bounds memory operations, which could potentially provide unauthorized access to freed memory or system resources.

4. CVE-2024-0153
   This issue specifically affects the GPU firmware and has the potential to grant full system memory access if carefully crafted operations are executed. It impacts versions r47p0 for both Valhall and 5th Gen firmware, opening pathways for attackers to access sensitive system memory, an extremely high-risk flaw.

5. CVE-2024-4610
   One of the most concerning flaws, CVE-2024-4610, has already been exploited in real-world attacks. It affects Bifrost and Valhall GPU Kernel Drivers (r34p0–r40p0). Exploiting this vulnerability allows attackers to manipulate GPU memory processing, ultimately gaining access to freed memory and enabling further exploitation.

6. CVE-2024-1395, CVE-2024-1067, CVE-2023-6363
   These vulnerabilities focus on improper memory handling within the GPU kernel, enabling attackers to access freed memory in versions r48p0. Exploitation could lead to privilege escalation, system crashes, or potential data leakage.

Impact and Exploitation

These vulnerabilities primarily affect consumer devices, such as smartphones and tablets, where Mali GPUs are commonly used. Exploitation of these flaws can occur via local, non-privileged user processes or through web-based technologies like WebGL/WebGPU, which interact with the GPU.

The most severe vulnerabilities allow attackers to manipulate GPU processing operations, crash systems, and access sensitive memory regions. For instance, CVE-2024-0153 could potentially allow attackers to access all system memory with carefully crafted buffer operations. This heightens the severity of these issues, especially as some vulnerabilities are actively being exploited.

Urgent Fixes and Updates

Arm has released patches addressing these vulnerabilities, urging users and manufacturers to update their systems immediately. To mitigate the risks, users should:

• Update Valhall and 5th Gen Drivers to versions r49p2, r52p0, or later.
• Update Bifrost Drivers to version r49p1 or newer.
• For firmware issues, users should upgrade to r47p0 or later for affected Valhall and 5th Gen GPU firmware.

Older GPU architectures, such as Midgard, also face vulnerabilities, and Arm recommends contacting support for guidance on the best course of action.

Conclusion

These vulnerabilities underscore the critical need for timely updates to ensure system security and integrity. With the increasing reliance on GPU-driven processes, particularly in consumer devices, addressing these flaws promptly is vital to preventing potential exploitation. Arm continues to work with security researchers to resolve these issues, and end users are urged to stay vigilant by applying the latest updates available.