CISA Urges Federal Agencies and Private Companies to Immediately Fix Critical Vulnerability in Arm Mali GPU Driver
Attackers are exploiting a bug that allows them to take full control of Android devices
The vulnerability (tracked as CVE-2021-29256) is a use-after-free bug that could allow attackers to gain root privileges or access sensitive information on targeted Android devices by performing improper GPU memory operations.
“An unprivileged user can perform improper GPU memory operations to gain access to already freed memory and can gain root privilege and/or reveal information,” Arm said in the advisory.
“This issue has been fixed in the Bifrost and Valhall r30p0 GPU kernel driver and fixed in the Midgard r31p0 kernel driver. Users are advised to upgrade if they are affected by this issue.”
This month, Google fixed two more security vulnerabilities that are flagged as being exploited in attacks.
CVE-2023-26083 is a moderate memory leak vulnerability in the Arm Mali GPU driver that was exploited in December 2022 as part of an exploit chain that delivered spyware to Samsung devices.
The third vulnerability, tracked as CVE-2023-2136 and rated Critical, is an integer overflow bug found in Google’s Skia, an open source 2D graphics library for multiple platforms. Skia is also used by the Google Chrome web browser, where the bug was patched in April as a zero-day vulnerability.
Federal Agencies Must Protect Android Devices Within 3 Weeks
U.S. federal civilian executive branch (FCEB) agencies have been given until July 28 to protect their devices from attacks that target CVE-2021-29256, added today to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
A binding operational directive (BOD 22-01) issued in November 2021 requires federal agencies to carefully assess and address any security vulnerabilities listed in CISA’s KEV catalog.
While the catalog is aimed primarily at US federal agencies, private companies are also strongly advised to prioritize fixing all vulnerabilities listed in it.
“These types of vulnerabilities are common attack vectors for malicious cyber actors and pose a serious threat to the federal environment,” CISA warned today.
The agency this week warned that the attackers behind the TrueBot malware distribution operation are exploiting a critical remote code execution (RCE) vulnerability in Netwrix Auditor software to gain initial access to target networks.
One week ago, it also warned about distributed denial-of-service (DDoS) attacks targeting US organizations from various industries.