Android

ARM Mali GPU phones are a security risk

Millions of Android operating system smartphones using the ARM Mali graphics unit may be exposed to an active security risk (CVE-2022-33917). A flaw in Mali units using the Bifrost GPU kernel driver in Valhall between r29p0 and r38p0, Midgard between r4p0 and r32p0, r0p0 and r38p0, and before r39p0 and r38p1 allows attackers to remotely access the device’s free memory and GPU run user tasks in the background. The error was reported to ARM on June 17 this year, and the patch from the company has arrived for the mentioned drivers, but it seems that it has not reached the smartphones: Oppo, Xiaomi, Exynos chip-based Samsung using MediaTek chips, but even the It was also found on Google’s own Pixel smartphones with the latest system available on the device.

Snapdragon chips developed by Qualcomm are not affected by the risk, as they do not use ARM GPUs. Most of MediaTek’s SoCs do, however. [+]

As a result, Google Project Zero asks the question, why does it take so long between the reporting of a bug, the birth of a fix package and its arrival to users? Google announced in a statement on November 27 that the Android and Pixel groups are already working on testing the implementation of fixes contributed by ARM, and the first security update for Pixel devices will be available in the coming weeks. According to the announcement, Google will also expect OEM partners to update their own systems, as the fix will be included in the basic requirements of the next security package level (SPL).

Related Articles

Related Articles

Back to top button