CISA ordered federal companies right now to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its checklist of actively exploited vulnerabilities and addressed with this month’s Android safety updates.
The flaw (tracked as CVE-2021-29256) is a use-after-free weak point that may let attackers escalate to root privileges or achieve entry to delicate data on focused Android units by permitting improper operations on GPU reminiscence.
“A non-privileged Consumer could make improper operations on GPU reminiscence to realize entry to already freed reminiscence and might be able to achieve root privilege, and/or disclose data,” Arm’s advisory reads.
“This difficulty is mounted in Bifrost and Valhall GPU Kernel Driver r30p0 and stuck in Midgard Kernel Driver r31p0 launch. Customers are really helpful to improve if they’re impacted by this difficulty.”
With this month’s safety updates for the Android working system, Google patched two extra safety flaws tagged as being exploited in assaults.
CVE-2023-26083 is a medium-severity reminiscence leak flaw within the Arm Mali GPU driver leveraged in December 2022 as a part of an exploit chain that delivered adware to Samsung units.
A 3rd vulnerability, tracked as CVE-2023-2136 and rated as crucial severity, is an integer overflow bug present in Google’s Skia, an open-source multi-platform 2D graphics library. Notably, Skia is used with the Google Chrome internet browser, the place it was addressed in April as a zero-day bug.
Federal companies ordered to safe Android units inside 3 weeks
U.S. Federal Civilian Govt Department Businesses (FCEB) have been given till July twenty eighth to safe their units in opposition to assaults concentrating on the CVE-2021-29256 vulnerability added to CISA’s checklist of Identified Exploited Vulnerabilities right now.
In keeping with the binding operational directive (BOD 22-01) issued in November 2021, federal companies are certain to completely assess and deal with any safety flaws outlined in CISA’s KEV catalog.
Though the catalog primarily focuses on U.S. federal companies, it is also strongly really helpful that non-public firms prioritize and patch all vulnerabilities listed in CISA’s catalog.
“A majority of these vulnerabilities are frequent assault vectors for malicious cyber actors and pose vital dangers to the federal enterprise,” CISA warned right now.
Earlier this week, the cybersecurity company warned that attackers behind the TrueBot malware operation exploit a crucial distant code execution (RCE) vulnerability within the Netwrix Auditor software program for preliminary entry to targets’ networks.
One week earlier, CISA additionally warned of distributed denial-of-service (DDoS) assaults concentrating on U.S. organizations throughout a number of business sectors.