Critical security updates released for Qualcomm and ARM chips

Target Industry

Indiscriminate, opportunistic targeting.

Overview

Qualcomm and ARM have released multiple security patches in response to the discovery of several zero-day vulnerabilities that are currently under active exploitation. Both companies, which design and produce advanced microchips, were alerted by the Google Threat Analysis Group (TAG) and the Project Zero team to these vulnerabilities and to their use by threat actors against victims.

The associated vulnerabilities are being tracked as:

  • CVE-2023-33166: No CVSS score set (likely to be high/critical)
  • CVE-2023-33107: No CVSS score set (likely to be high/critical)
  • CVE-2023-33063: No CVSS score set (likely to be high/critical)
  • CVE-2023-33200: No CVSS score set (likely to be high/critical)
  • CVE-2023-34970: No CVSS score set (likely to be high/critical)
  • CVE-2022-22071: CVSS 7.8 (high)

Impact

Successful exploitation of these vulnerabilities may allow attackers to gain remote unauthorised access to private systems, thereby enabling the corruption of sensitive data. Several of these flaws are considered critical due to their high CVSS scores and their potential for remote exploitation.

Vulnerability Detection

Devices utilising affected Qualcomm and ARM chips, or those that haven’t received the recent security updates, are potentially vulnerable.

CVE-2023-33200

  • Bifrost GPU Kernel Driver: All versions from r17p0 – r44p0
  • Valhall GPU Kernel Driver: All versions from r19p0 – r44p0
  • Arm 5th Gen GPU Architecture Kernel Driver: All versions from r41p0 – r44p0

CVE-2023-34970

  • Valhall GPU Kernel Driver: r44p0
  • Arm 5th Gen GPU Architecture Kernel Driver: r44p0
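
The version ranges above can be checked against a device inventory. The following is an added example, not code from ARM or from this bulletin: it assumes the range bounds are inclusive, that the driver version has already been collected as an rXpY string, and it uses short family labels and a constructed inventory for illustration.

```python
import re

# Ranges copied from the bulletin; bounds are treated as inclusive (assumption).
# Family keys are short labels for the driver names listed above.
AFFECTED = {
    "CVE-2023-33200": {"Bifrost": ("r17p0", "r44p0"), "Valhall": ("r19p0", "r44p0"),
                       "Arm 5th Gen": ("r41p0", "r44p0")},
    "CVE-2023-34970": {"Valhall": ("r44p0", "r44p0"), "Arm 5th Gen": ("r44p0", "r44p0")},
}

_VERSION = re.compile(r"^r(\d+)p(\d+)$")

def parse_version(text):
    """Turn 'r44p0' into (44, 0) so versions compare numerically, not as strings."""
    m = _VERSION.match(text.strip().lower())
    if not m:
        raise ValueError(f"not an rXpY driver version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def affected_cves(family, version):
    """Return the bulletin's CVEs whose listed range covers this driver version."""
    v = parse_version(version)
    hits = []
    for cve, ranges in AFFECTED.items():
        if family in ranges:
            low, high = ranges[family]
            if parse_version(low) <= v <= parse_version(high):
                hits.append(cve)
    return hits

# Constructed inventory: (device label, driver family, driver version).
INVENTORY = [
    ("tablet-01", "Bifrost", "r16p0"),
    ("phone-07", "Valhall", "r44p0"),
    ("phone-12", "Valhall", "r9p0"),   # a plain string compare would misplace r9 after r19
    ("kiosk-03", "Arm 5th Gen", "r43p1"),
]

def triage(inventory):
    """Map each device label to the CVEs its driver version falls under."""
    return {name: affected_cves(family, version) for name, family, version in inventory}

if __name__ == "__main__":
    for name, cves in triage(INVENTORY).items():
        print(name, ", ".join(cves) or "not in a listed range")
```

A device outside the listed ranges is not thereby cleared of the Qualcomm CVEs, for which the bulletin gives no version ranges.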

Affected Products

  • Qualcomm Adreno GPU and Compute DSP drivers
  • ARM’s Bifrost, Valhall, Midgard and Mali GPU kernel drivers
  • Qualcomm’s Modem component, Data Modem component, and WLAN firmware

Containment, Mitigations & Remediations

Customers that use systems containing either Qualcomm or ARM chips, such as phones or tablets, are strongly advised to:

  • Proactively monitor for any software updates and ensure that their devices, whether phones or tablets, are consistently updated to the latest security patches and firmware versions provided by their Original Equipment Manufacturers (OEM).
  • Limit app downloads and source them only from trusted repositories, for example official app stores, to reduce the risk of local exploitation.

Indicators of Compromise

While specific Indicators of Compromise (IOCs) are not detailed, unusual system behaviour, memory-related issues, or unexplained data transfers could indicate potential compromise.

Threat Landscape

Both Qualcomm and ARM are giants in the chip industry, with their products being integrated into a vast number of devices. This makes them prime targets for cyber attackers, especially when vulnerabilities that can be remotely exploited are discovered.

Threat Group

No attribution to specific threat actors or groups has been identified at this time.

MITRE Methodologies

TA0002 – Execution

Further Information

Qualcomm will provide details on the actively exploited flaws in its December 2023 bulletin. ARM has also issued an advisory regarding vulnerabilities affecting its Mali GPU drivers.
