Arm is warning its that Mali GPU driver has a vulnerability that is being actively exploited by bad actors.
Arm revealed the exploit in an advisory:
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
The company says the solution is to upgrade the driver to a newer version:
This issue is fixed in Bifrost, Valhall and Arm 5th Gen GPU Architecture Kernel Driver r44p1 and r45p0. Users are recommended to upgrade if they are impacted by this issue.
According to Ars Technica, Google’s Pixel line of smartphones — specifically the Pixel 7 — are among the most high-profile devices vulnerable to this exploit. Fortunately, Google addressed the issue in its September update.