Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors

The major semiconductor companies Arm and Nvidia are urging customers to apply patches for a series of new vulnerabilities in their products.

The U.K.-based Arm warned on Friday about an actively exploited zero-day flaw in its Mali GPU Kernel Driver — software that helps the operating system communicate with the Mali graphics processor.

The vulnerability, tracked as CVE-2024-4610, can lead to “improper GPU memory processing operations,” potentially causing security issues such as crashes, data corruption, or unauthorized access to sensitive information.

Arm said that it is aware of reports of this vulnerability being exploited in the wild and has already fixed the bug. The company recommends its users upgrade their Bifrost and Valhall GPU kernel drivers if they are impacted by this issue.

This isn't the first time researchers have discovered issues in Arm's Mali GPU kernel driver. In October, the company said that a security issue, tracked as CVE-2023-4211, could allow hackers to gain access to data stored on devices that use Mali GPU.

Last year, a researcher known as Man Yue Mo on GitHub identified a security vulnerability in the Mali GPU kernel driver that could have enabled hackers to gain control over the operating system of the Google Pixel 6. That issue was fixed in June 2022.

The U.S.-based GPU designer and manufacturer, Nvidia, also revealed on Thursday 10 new high and medium-severity vulnerabilities in its GPU Display Driver and vGPU software products.

The flaw tracked as CVE‑2024‑0090, which was discovered in Nvidia’s GPU driver for Windows and Linux, might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering, the company said.

Nvidia’s GPU Display Driver for Windows also contains a vulnerability — CVE‑2024‑0089 — “where information from a previous client or another process could be disclosed.”

Another flaw tracked as CVE‑2024‑0099, which was discovered in Nvidia's virtual GPU (vGPU) — software that allows multiple virtual machines to share a single physical GPU — could also lead to information disclosure, data tampering, escalation of privileges, and denial of service.

Nvidia didn’t mention if either of these flaws was exploited in the wild. The company advised its users to download and install the software updates to protect their systems from potential abuse by hackers.