ICYMI: PanVK just landed a new framebuffer abstraction for Mali GPUs that drops OpenGL-specific constraints and enables more flexible Vulkan tiled rendering.

Take a closer look: https://www.collabora.com/news-and-blog/blog/2026/03/23/re-thinking-framebuffers-in-panvk/

#Mesa #PanVK @vulkan #Panfrost #MaliGPU #OpenSource

PanVK’s new framebuffer abstraction for Mali GPUs removes OpenGL-specific constraints, unlocking more flexible tiled rendering features in Vulkan.

Learn more about the process: https://col.la/framebufferspanvk

#Mesa #PanVK #Vulkan #Panfrost #MaliGPU #OpenSource

Người dùng đang tìm cách chạy llama.cpp với Vulkan trên GPU Mali-G57 MC2 (Samsung A15, chip Helio G99) qua Termux. Mặc dù đã khắc phục lỗi và nhận diện được GPU, nhưng lại gặp lỗi "Segmentation fault" khi tải mô hình Qwen3-0.6B. Ai có kinh nghiệm với setup này không?
#llama_cpp #Vulkan #MaliGPU #Termux #Android #AI #LLM #Troubleshooting
#llama_cpp_vn #Vulkan_vn #MaliGPU_vn #Termux_vn #Android_vn #AI_vn #LLM_vn #KhacPhucSuCo

https://www.reddit.com/r/LocalLLaMA/comments/1pe3sme/had_anyone_tried_t

Active Exploitation of Mali GPU Kernel Driver Flaw

Date: June 10, 2024
CVE: CVE-2024-4610
Vulnerability Type: [[Use-After-Free]] (UAF)
CWE: [[CWE-416]], [[CWE-119]]
Sources: Bleeping Computer, The Register, HotHardware

Synopsis

Arm has issued a security bulletin concerning a critical memory-related vulnerability in its Mali GPU kernel drivers, which is currently being exploited in the wild. This vulnerability affects Bifrost and Valhall GPU kernel drivers across multiple versions.

Issue Summary

The vulnerability, identified as [[CVE-2024-4610]], is a [[use-after-free]] flaw in the Mali GPU kernel drivers. This flaw allows a local non-privileged user to perform improper GPU memory operations, gaining access to already freed memory. The flaw impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0.

Technical Key Findings

Use-after-free vulnerabilities occur when a program continues to use a pointer to a memory location after it has been freed. This can lead to serious issues such as information disclosure and arbitrary code execution. In the case of CVE-2024-4610, a local attacker could exploit this flaw to execute arbitrary code on the affected system, potentially leading to a full system compromise.

Vulnerable Products

• Bifrost GPUs: Versions r34p0 to r40p0
• Valhall GPUs: Versions r34p0 to r40p0
• Devices: Including but not limited to Samsung Galaxy S20, Xiaomi Redmi K30, Motorola Edge 40, OnePlus Nord 2, Chromebooks, and various embedded systems.

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive information, system compromise, and potential deployment of malware. The vulnerability's exploitation in the wild indicates a significant risk, especially for high-value targets such as activists and journalists.

Patches or Workaround

Arm has released a patch for this vulnerability in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, available since November 24, 2022. Users are advised to update their drivers to the latest version to mitigate this risk. Due to the complexity of the supply chain, some users may experience delays in receiving the updates.

Tags

#CVE-2024-4610 #MaliGPU #Arm #UseAfterFree #Vulnerability #Patch #CyberSecurity #AndroidDevices #SystemCompromise #HighRisk

The October 2023 security updates for Android address 51 vulnerabilities, including two zero-day flaws that were exploited in attacks. One of the exploited issues, CVE-2023-4863, is a heap buffer overflow in the Libwebp library leading to remote code execution. It was reported by Apple and the Citizen Lab group at The University of Toronto and had been used to deliver spyware to iPhones. The second zero-day flaw, CVE-2023-4211, affects the Arm Mali GPU driver and allows improper GPU memory processing operations. Google has not provided specific information on these attacks, but past instances have shown these vulnerabilities being used in exploit chains to deliver commercial spyware.

#android #Google #MaliGPU #Security #Privacy #Risk #Samsung

"🚨 Urgent Patch Released for Mali GPU Kernel Driver Amidst Active Exploitation 🚨"

Arm has urgently patched a critical vulnerability in the Mali GPU Kernel Driver, which has been actively exploited in the wild. The flaw, CVE-2023-4211, affects multiple driver versions and allows a local non-privileged user to manipulate GPU memory processing, gaining access to previously freed memory. The exploitation evidence suggests a limited, targeted approach. 🎯🛡️

The issue was identified by Maddie Stone of Google's Threat Analysis Group (TAG) and Jann Horn of Google Project Zero. Google’s Android Security Bulletin also highlighted targeted exploitation of this CVE and another severe flaw, CVE-2023-4863, in the Chrome web browser. 🕵️‍♀️🔍

Source: The Hacker News

Tags: #CyberSecurity #Vulnerability #Patch #MaliGPU #Arm #Exploit #CVE20234211 #CyberAttack #InfoSec

🔗 MITRE CVE-2023-4211

👥 Authors: Maddie Stone @maddiestone   Twitter ) & Jann Horn @tehjh   Twitter

Edit: added mastodon accounts of researchers