A set of vulnerabilities in ARM’s Mali mobile GPU drivers that went largely unchecked and unpatched now puts potentially millions of Android devices at risk of attack. According to reports, at least five exploitable vulnerabilities have remained unpatched on devices for months after being patched by the chipmaker.
These Mali GPU flaws were highlighted in a report from Google’s Project Zero team, which pointed out the discrepancy, as well as how resolving the issue would take months, during which new security updates do not reach the affected devices. Devices affected by the vulnerabilities include those from brands such as Google, Samsung, Xiaomi and Oppo.
Discovered in June this year, the five Mali GPU vulnerabilities are tracked under the collective identifiers CVE-2022-33917 and CVE-2022-36449. The first allows unprivileged users to perform improper GPU processing operations in order to access freed memory sections.
The second identifier, CVE-2022-36449, allows unprivileged users to access freed memory, write outside buffer boundaries, and leak details of memory mappings. These issues seem to affect the kernel drivers of the Midgard, Bifrost, and Valhall GPU architectures.
The affected Mali GPUs include the G710, G610 and G510 mobile GPUs. Phones that use these Valhall-based GPUs include the Google Pixel 7, ASUS ROG Phone 6, Redmi Note 11 and Note 12, Honor 70 Pro, Realme GT, Xiaomi 12 Pro, Oppo Find X5 Pro and Reno 8 Pro, Motorola Edge and OnePlus 10R.
Mali GPUs based on Bifrost include the G76, G72 and G52 chips, found in the Samsung Galaxy S10, S9, A51 and A71, Redmi Note 10, Huawei P30 and P40 Pro, Honor View 20, Motorola Moto G60S and Realme 7.
For Midgard-based Mali GPUs, the list includes the already archaic Mali T800 and T700 series chips, primarily found in what are essentially legacy devices at this point: the Samsung Galaxy S7 and Note 7, Sony Xperia X XA1, Huawei Mate 8, Nokia 3.1, LG X and Redmi Note 4.
The good news is that devices powered by Qualcomm’s Snapdragon chipset are unaffected. As of this writing, there still does not appear to be a fix from ARM for the Mali GPU flaws. That being said, Google’s Android team is expected to deliver a fix to its OEM partners, who are responsible for implementing said fix.
(Source: BleepingComputer, Google)