CISA Directs Government Agencies to Patch Actively Exploited Android Driver
July 7, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a high-severity flaw in the Arm Mali GPU kernel driver. The flaw, tracked as CVE-2021-29256, is a use-after-free vulnerability that can let attackers escalate to root privileges or access sensitive information on targeted Android devices by permitting improper operations on GPU memory. Arm's advisory reads, "A non-privileged User can make improper operations on GPU memory to gain access to already freed memory and may be able to gain root privilege, and/or disclose information." The issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0 and in Midgard Kernel Driver r31p0. Users are advised to upgrade if they are affected by this issue.
In the recent security updates for the Android operating system, Google patched two additional security flaws identified as being exploited in attacks. CVE-2023-26083, a medium-severity memory leak flaw in the Arm Mali GPU driver, was used in December 2022 as part of an exploit chain that delivered spyware to Samsung devices. The other vulnerability, CVE-2023-2136, rated critical severity, is an integer overflow bug in Google's Skia, an open-source multi-platform 2D graphics library. Notably, Skia is used by the Google Chrome web browser, where the bug was addressed in April as a zero-day.
U.S. Federal Civilian Executive Branch Agencies (FCEB) have been instructed to secure their devices against attacks targeting the CVE-2023-20963 vulnerability by July 28th. This vulnerability was added to CISA's list of Known Exploited Vulnerabilities today. As per the binding operational directive (BOD 22-01) issued in November 2021, federal agencies are obligated to thoroughly assess and address any security flaws outlined in CISA's KEV catalog. While the catalog primarily targets U.S. federal agencies, private companies are also strongly advised to prioritize and patch all vulnerabilities listed in CISA's catalog. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned today.
Earlier this week, CISA warned that attackers behind the TrueBot malware operation are exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software for initial access to targets' networks. A week prior, CISA also warned of distributed denial-of-service (DDoS) attacks targeting U.S. organizations across various industry sectors.