CISA Directs Government Agencies to Patch Actively Exploited Android Driver

July 7, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a high-severity flaw in the Arm Mali GPU kernel driver. The flaw, tracked as CVE-2021-29256, is a use-after-free vulnerability that can let attackers escalate to root privileges or access sensitive information on targeted Android devices by permitting improper operations on GPU memory. Arm's advisory reads, "A non-privileged User can make improper operations on GPU memory to gain access to already freed memory and may be able to gain root privilege, and/or disclose information." The issue has been addressed in the Bifrost and Valhall GPU Kernel Driver r30p0 release and in the Midgard Kernel Driver r31p0 release. Affected users are advised to upgrade.

In the recent security updates for the Android operating system, Google patched two additional security flaws identified as being exploited in attacks. CVE-2023-26083, a medium-severity memory leak flaw in the Arm Mali GPU driver, was used in December 2022 as part of an exploit chain that delivered spyware to Samsung devices. The other vulnerability, CVE-2023-2136, rated as critical severity, is an integer overflow bug in Google's Skia, an open-source multi-platform 2D graphics library. Notably, Skia is used in the Google Chrome web browser, where the bug was addressed in April as a zero-day.

U.S. Federal Civilian Executive Branch Agencies (FCEB) have been instructed to secure their devices against attacks targeting the CVE-2023-20963 vulnerability by July 28th. This vulnerability was added to CISA's list of Known Exploited Vulnerabilities today. As per the binding operational directive (BOD 22-01) issued in November 2021, federal agencies are obligated to thoroughly assess and address any security flaws outlined in CISA's KEV catalog. While the catalog primarily targets U.S. federal agencies, private companies are also strongly advised to prioritize and patch all vulnerabilities listed in CISA's catalog. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned today.

Earlier this week, CISA warned that attackers behind the TrueBot malware operation are exploiting a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software for initial access to targets' networks. A week prior, CISA also warned of distributed denial-of-service (DDoS) attacks targeting U.S. organizations across various industry sectors.
