Saturday, February 8, 2025
Homecyber securityArm Released a Security Update Mali GPU Kernel Driver Vulnerabilities

Arm Released a Security Update Mali GPU Kernel Driver Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

On February 3, 2025, Arm disclosed a vulnerability in the Mali GPU Kernel Driver that allows improper GPU processing operations.

This issue affects Valhall GPU Kernel Driver versions ranging from r48p0 to r49p1 and r50p0 to r52p0, as well as the Arm 5th Gen GPU Architecture Kernel Driver within the same version ranges.

The flaw enables a local, non-privileged user to access already freed memory through improper GPU operations.

Arm has resolved this issue in Valhall and Arm 5th Gen GPU Architecture Kernel Driver versions r49p2 and r53p0.

Users are advised to upgrade to these versions to mitigate potential risks.

System Unresponsiveness via Valid GPU Memory Processing (CVE-2024-6790)

Another critical vulnerability reported on February 3, 2025, involves the Mali GPU Kernel Driver causing system unresponsiveness.

This issue impacts Bifrost, Valhall, and Arm 5th Gen GPU Architecture Kernel Drivers across various versions, including r44p1, r46p0 to r49p0, and r50p0 to r51p0.

CVE ID(s)DescriptionFixed in Versions
CVE-2025-0015Allows improper GPU processing operationsr49p2, r53p0
CVE-2024-6790Can cause system unresponsiveness via GPU memory opsr49p1, r52p0
CVE-2024-3655, CVE-2024-2937, CVE-2024-4607Improper GPU memory processing operationsr49p1, r50p0
CVE-2024-0153Affects GPU firmware, potentially enabling full system memory accessr47p0

Exploitation of this vulnerability allows a non-privileged user to execute valid GPU memory processing operations such as those via WebGL or WebGPU that render the entire system unresponsive.

Fixes have been implemented in Bifrost GPU Kernel Driver version r49p1 and Valhall/Arm 5th Gen GPU Architecture Kernel Driver versions r49p1 and r52p0.

Users are urged to update their systems accordingly. These vulnerabilities highlight the importance of timely updates to protect against potential exploitation and maintain system integrity.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...