December 1, 2022

TheCyberThrone

Thinking Security ! Always

Unpatched Mali GPU leaves Android Devices vulnerable


Five medium-severity security flaws in Arm’s Mali GPU driver have remained unpatched on Android devices for months, despite the chipmaker having released fixes.

Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022.

The vulnerabilities, collectively tracked as CVE-2022-33917 (CVSS score: 5.5) and CVE-2022-36449 (CVSS score: 6.5), concern a case of improper memory processing that allows a non-privileged user to gain access to freed memory.

The affected drivers are listed below:

CVE-2022-33917

  • Valhall GPU Kernel Driver: All versions from r29p0 – r38p0

CVE-2022-36449

  • Midgard GPU Kernel Driver: All versions from r4p0 – r32p0
  • Bifrost GPU Kernel Driver: All versions from r0p0 – r38p0, and r39p0
  • Valhall GPU Kernel Driver: All versions from r19p0 – r38p0, and r39p0

This shows how a deviation in patching can render millions of devices vulnerable at once and put them at heightened risk of exploitation by threat actors.

Google Project Zero researchers say that security teams will have to remain vigilant in their efforts until there’s a better way to sync patches and updates.

Minimizing the ‘patch gap’ for a vendor in these scenarios is arguably more critical, as it allows end users to receive the security benefits of the patch.

Note: Part of this writeup is drawn from The Hacker News.