Millions of Android devices at risk due to Arm Mali GPU driver bug
Millions of Android devices are at risk of network attacks due to slow and cumbersome patch (opens in a new tab) troublesome process for decentralized mobile platforms.
Cybersecurity researchers from Google’s Project Zero team discovered a total of 5 vulnerabilities affecting Arm Mali GPU drivers.
The vulnerabilities have been grouped by two identifiers – CVE-2022-33917 and CVE-202236449, and they allow threat actors a multitude of options, from accessing portions of free memory to writing externally. out of buffer limit. They all received “moderate” severity scores.
More OEMs, slower patches
The vulnerabilities have been patched, but hardware manufacturers have yet to apply these patches on their products. final point (opens in a new tab). Unlike Apple, which is the only company that creates both hardware and software for the iPhone mobile ecosystem, Google is not the only company that makes Android software and hardware.
Besides Google with its Pixel phones, there are a relatively large number of smartphone manufacturers that build devices running Android, such as Samsung, LG, Oppo, and many others. All of these companies have their own, modified versions of Android and their own hardware approach. That said, when a vulnerability is discovered, each original equipment manufacturer (OEM) needs to apply a patch to their own device. That can take time as these patches can sometimes conflict with device drivers or other components.
And that’s exactly the problem here.
The vulnerabilities affecting Arm’s Mali GPU driver are codenamed Valhall, Bifrost, Midgard and affect a long list of devices, including Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro, etc. The entire list can be found here (opens in a new tab).
Right now, users can’t do anything but wait for their respective manufacturers to apply the patch, as it will be shipped to OEMs in a few weeks.
Through the: BleepingComputer (opens in a new tab)