December 5, 2023

Five medium security flaws in Arm’s Mali GPU driver remain unpatched on Android devices for months, despite fixes released by the chipmaker.

Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022.

The vulnerabilities, collectively tracked under the identifiers CVE-2022-33917 with CVSS score: 5.5 and CVE-2022-36449 with CVSS score: 6.5, concern a case of improper memory processing, thereby allowing a non-privileged user to gain access to freed memory.

Advertisements

The list of affected drivers is below –

CVE-2022-33917

  • Valhall GPU Kernel Driver: All versions from r29p0 – r38p0

CVE-2022-36449

  • Midgard GPU Kernel Driver: All versions from r4p0 – r32p0
  • Bifrost GPU Kernel Driver: All versions from r0p0 – r38p0, and r39p0
  • Valhall GPU Kernel Driver: All versions from r19p0 – r38p0, and r39p0

This showcases a patching deviation can render millions of devices vulnerable at once and put them at risk of heightened exploitation by threat actors.

Google Project Zero researchers says that security teams will have to remain vigilant in their efforts until there’s a better way to sync patches and updates.

Minimizing the ‘patch gap’ for a vendor in these scenarios is arguably more critical, as it allows end users to receive the security benefits of the patch

Note : Part of this writeup referred from The Hacker News

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023
%d