Vulnerable Arm GPU drivers under active exploitation

@Aragorn Context? Commentary? As far as I know, you have no ARM devices except maybe a phone with an older version of Android that has many security vulnerabilities.

…and that’s related how?

(The following is my understanding as an independent developer after a short analysis. It is not an official statement of the security team of any company. The statement does not represent the official position of Manjaro, ARM, my employer, or any other company.)

This is a use-after-free in the kernel portion of the proprietary drivers (*) provided by ARM, shipped, e.g., by Android/AOSP, or by Halium-based distributions. This vulnerability does not affect the Lima or Panfrost drivers used in Manjaro ARM (official images). Hence, Manjaro ARM as shipped by Manjaro is not vulnerable to this bug. Only the Manjaro on Halium (manjaro-libhybris) port and some non-Manjaro distributions (Android, Ubuntu Touch, etc.) affected.

(*) The affected portion of the kernel driver may or may not be available “under the GPLv2”, but the allegedly GPLv2 source code cannot be compiled without a proprietary DDK injecting binary blobs and is hence not actually distributed according to the GPL’s terms. And in addition, the userspace parts of the drivers are completely proprietary.