Arm and NVIDIA have recently disclosed new vulnerabilities in their products [1], urging customers to update for security [1].
Description
Arm’s Mali GPU Kernel Driver has a zero-day vulnerability [1], CVE-2024-4610 [1] [2], affecting Bifrost and Valhall drivers [1] [2]. This vulnerability allows for improper GPU memory processing operations and is actively exploited. NVIDIA’s June security bulletin identified 10 new vulnerabilities in their GPU Display Driver and VGPU software products [2]. Among these, CVE-2024-0090 is the most serious, as it is an out-of-bounds write error that could lead to code execution, denial of service [2], privilege escalation [2], information disclosure [2], and data manipulation [2].
Conclusion
Promptly patching vulnerable systems is crucial to mitigate these risks and ensure the security of systems using Arm and NVIDIA products. Failure to address these vulnerabilities could have severe consequences, including unauthorized access, data breaches, and system compromise. It is essential for customers to stay informed about security updates and take necessary actions to protect their systems from potential threats.
References
[1] https://www.infosecurity-magazine.com/news/nvidia-arm-urge-customers-patch/
[2] https://islainformatica.com/nvidia-y-arm-instan-a-los-clientes-a-corregir-errores/