CISA warns govt agencies to patch actively exploited Android driver

CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month’s Android security updates.

The flaw (tracked as CVE-2021-29256) is a use-after-free weakness that can let attackers escalate to root privileges or gain access to sensitive information on targeted Android devices by allowing improper operations on GPU memory.

“A non-privileged User can make improper operations on GPU memory to gain access to already freed memory and may be able to gain root privilege, and/or disclose information,” Arm’s advisory reads.

“This issue is fixed in Bifrost and Valhall GPU Kernel Driver r30p0 and fixed in Midgard Kernel Driver r31p0 release. Users are recommended to upgrade if they are impacted by this issue.”

With this month’s security updates for the Android operating system, Google patched two more security flaws tagged as being exploited in attacks.

CVE-2023-26083 is a medium-severity memory leak flaw in the Arm Mali GPU driver leveraged in December 2022 as part of an exploit chain that delivered spyware to Samsung devices.

A third vulnerability, tracked as CVE-2023-2136 and rated as critical severity, is an integer overflow bug found in Google’s Skia, an open-source multi-platform 2D graphics library. Notably, Skia is used with the Google Chrome web browser, where it was addressed in April as a zero-day bug.

Federal agencies ordered to secure Android devices within 3 weeks

U.S. Federal Civilian Executive Branch Agencies (FCEB) have been given until July 28th to secure their devices against attacks targeting the CVE-2021-29256 vulnerability added to CISA’s list of Known Exploited Vulnerabilities today.

According to the binding operational directive (BOD 22-01) issued in November 2021, federal agencies are bound to thoroughly assess and address any security flaws outlined in CISA’s KEV catalog.

Although the catalog primarily focuses on U.S. federal agencies, it’s also strongly recommended that private companies prioritize and patch all vulnerabilities listed in CISA’s catalog.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned today.

Earlier this week, the cybersecurity agency warned that attackers behind the TrueBot malware operation exploit a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software for initial access to targets’ networks.

One week earlier, CISA also warned of distributed denial-of-service (DDoS) attacks targeting U.S. organizations across multiple industry sectors.

