June 7, 2023

Five medium security flaws in Arm’s Mali GPU driver remain unpatched on Android devices for months, despite fixes released by the chipmaker.

Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022.

The vulnerabilities, collectively tracked under the identifiers CVE-2022-33917 with CVSS score: 5.5 and CVE-2022-36449 with CVSS score: 6.5, concern a case of improper memory processing, thereby allowing a non-privileged user to gain access to freed memory.

Advertisements

The list of affected drivers is below –

CVE-2022-33917

  • Valhall GPU Kernel Driver: All versions from r29p0 – r38p0

CVE-2022-36449

  • Midgard GPU Kernel Driver: All versions from r4p0 – r32p0
  • Bifrost GPU Kernel Driver: All versions from r0p0 – r38p0, and r39p0
  • Valhall GPU Kernel Driver: All versions from r19p0 – r38p0, and r39p0

This showcases a patching deviation can render millions of devices vulnerable at once and put them at risk of heightened exploitation by threat actors.

Google Project Zero researchers says that security teams will have to remain vigilant in their efforts until there’s a better way to sync patches and updates.

Minimizing the ‘patch gap’ for a vendor in these scenarios is arguably more critical, as it allows end users to receive the security benefits of the patch

Note : Part of this writeup referred from The Hacker News

Tags:

Leave a Reply

You may have missed

Microsoft to comply with LinkedIn GDPR Violation

Microsoft to comply with LinkedIn GDPR Violation

June 7, 2023
Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
%d bloggers like this: