Beware Old Androids, Active Exploit On Bifrost and Valhall GPU Kernel Drivers
It’s Not Just Old Devices, It’s The Whole Android Patching Process
There was a a use-after-free vulnerability in version r41p0 of the Bifrost and Valhall GPU kernel driver, which was patched back in 2022. The problem is that when Arm releases a patch, we depend on the device manufacturers to adopt the patch and make it available to their customers. Once they do, we are often dependant on the phone carriers to then get the patch, possibly conduct internal testing, and finally push it to devices connected to their network. This is assuming that the carrier doesn’t decide to just pull support for the device completely and offer a new model instead.
All of that complexity makes it quite possible that a two year old vulnerability which should have been patched, is instead a serious concern for users of smartphones, TVs, tablets and even Chromebooks. In most cases it is not easy to determine what Bifrost or Vallhall driver version is installed on your device; in some cases it is impossible. If you’ve an Android device that hasn’t seen an update in at least two years you should seriously consider dumping it, if you have a more modern device you might still want to check this site to see if you might be vulnerable.
Sadly there isn’t much you can do other than that, unless someone knows of an app that will give you a full list of the drivers present on your Android devices.
BleepingComputer has reached out to Arm to clarify the recent identifier for a vulnerability that was fixed in 2022. One explanation could be that the issue was patched without intention and it was discovered because of the attacks.
More Tech News From Around The Web
- Nanofluidic memristors compute in brain-inspired logic circuits @ Physics World
- HP BIOS update renders some ProBook laptops expensive paperweights @ The Register
- AI trained on photos from kids’ entire childhood without their consent @ Ars Technica
- Hackers steal “significant volume” of data from hundreds of Snowflake customers @ Ars Technica
- Microsoft’s New Outlook Security Changes Impact 3rd-Party Apps and Gmail Integration @ Slashdot
- New Warmcookie Windows backdoor pushed via fake job offers @ Bleeping Computer
- TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers @ Bleeping Computer
- Intel interrupts work on $25B Israel fab, citing need for ‘responsible capital management’ @ The Register
- Raspberry Pi is Now a Public Company @ Slashdot
- QNAP QSW-M3224-24T 24-port 10Gbase-T Switch Shown at Computex 2024 @ ServeTheHome
