Mali GPU vulnerabilities leave millions of Android users vulnerable to attacks

Google's Project Zero security team revealed that there are five security vulnerabilities in the drivers for the Mali GPU graphics processing unit from Arm

A report published by Google’s Project Zero security team revealed that there are five security vulnerabilities in the drivers for the Mali GPU graphics processing unit from Arm, which is found in millions of Android phones.

According to the report, the five vulnerabilities are still vulnerable to exploitation, although chip maker Arm fixed them months ago, exposing millions of users to cyberattacks.

There are drivers for the Mali graphics processing unit in phones from prominent companies, such as Google, Samsung, Xiaomi, and OPPO, in addition to many other smartphone manufacturers that are waiting for the fix to be available to present to users.

The report, published by the Project Zero team, highlights the “patch gap” issue that has plagued the Android supply chain, as it usually takes a few months for security updates for the firmware to reach affected devices.

OEM partners need time to test and implement repairs on their devices, a process that extends the time to end-user devices.

Mali GPU vulnerabilities and their impact on Android phones

The Project Zero team discovered the vulnerabilities last June, and they are being tracked with the following identifiers: CVE-2022-33917 and CVE-2022-36449.

CVE-2022-33917 allows an unprivileged user to perform inappropriate graphics processing operations to access free memory sections.

Another identifier CVE-2022-36449 includes issues that allow an unprivileged user to access freed memory, write outside buffer boundaries, and expose details of memory mappings.

While the severity of the issues is moderate, they are exploitable and affect a large number of Android devices.

The first identifier drivers are used in the Mali G710, Mali G610, and Mali G510 chips found in Google Pixel 7, Asus ROG Phone 6, Redmi Note 11, Redmi Note 12, Honor 70 Pro, Realme GT, Xiaomi 12 Pro, Oppo Find X5 Pro, Oppo Reno 8 Pro, Motorola Edge, and OnePlus 10R.

The drivers for the other identifier are in Mali G76, Mali G72, and Mali G52 chips older than 2018 and are used in Samsung Galaxy S10, Galaxy S9, Galaxy A51, Galaxy A71, and Redmi Note. 10, Huawei P30, Huawei P40 Pro, Honor View 20, Motorola Moto G60s, Realme 7.

The drivers for the other identifier are also used in the Mali T800 and Mali T700 chipsets launched in 2016, which are mainly found inside the phones: Samsung Galaxy S7, Galaxy Note 7, Sony Xperia X XA1, Huawei Mate 8, Nokia 3.1, And LG X, and Redmi Note 4.

Currently, there is nothing users can do to mitigate the impact of these vulnerabilities except wait for the phone manufacturer to provide appropriate patches and monitor for potential threats.

Older models that use only a few other ID drivers are less likely to receive a patch install, so they should be replaced entirely.

It is noteworthy that the drivers for the Mali GPU graphics processing unit are used by SoC chips from companies such as MediaTek, Huawei’s HiSilicon Kirin, and Samsung’s Exynos, which powers most Android devices on the market.

It’s also worth noting that the fix from Arm hasn’t reached phone makers yet, but it’s being tested at Google for Android and Pixel phones. In a few weeks, the Android system will provide the patch to the companies that will release it for their phones.

Don’t Stop Here

More To Explore

solar eclipse eclipse solar eclipse 2024 solar eclipse 2023 eclipse 2024 eclipse 2023 2023 eclipse 2023 solar eclipse april 8 2024 eclipse 2024 total eclipse 2023 solar eclipses 2024 sun eclipse eclipse april 8 2024 eclipse lunar eclipse eclipse of the sun 2024 eclipse solar eclipse eclipse2023 lunar eclipses solar and eclipse solar eclipse solar eclipse solar solar eclipse solar sun eclipse total eclipse in 2024 total eclipse 2024 total solar eclipse 2024 next solar eclipse total eclipse next eclipse total solar eclipse april 2024 eclipse annular solar eclipse annular eclipse 2023 lunar eclipse 2023 annular eclipse eclipse april 2024 april 2024 solar eclipse solar eclipse april 2024 annular solar eclipse 2023 eclipse today 2023 annular eclipse total eclipse of the sun 2024 sun eclipse 2024 totality eclipse 2024 total eclipse april 2024 8 april 2024 eclipse lunar penumbral eclipse october 2023 eclipse of 2024 eclipse of sun today eclipse penumbral eclipse timer full eclipse of the moon lunar eclipses 2023 next eclipse of the sun solaire eclipse solar eclipse of april 20 2023 solar eclipse of october 14 2023 solar eclipse today solar v lunar eclipse sun eclipse next total solar eclipse in 2024 upcoming sun eclipse sun eclipse next total solar eclipse eclipse 2022 great american eclipse 2024 total solar eclipse 2023 total eclipse 2023 next eclipse 2023 full solar eclipse 2024 full eclipse 2024 upcoming solar eclipse full solar eclipse next total eclipse eclipse april 2023 sun eclipse 2023 iso 12312 2 next eclipse 2024 next full solar eclipse total lunar eclipse april eclipse 2024 next solar eclipse 2023 future solar eclipses eclipse in 2024 solar and lunar eclipse full eclipse 2023 2023 total solar eclipse 1993 eclipse 2017 eclipse 2017 solar eclipse 2017 total solar eclipse 2019 eclipse 2022 solar eclipse 2024 solar eclipse best viewing april 20 eclipse april 8 2024 solar eclipse april 8 2024 total solar eclipse april eclipse 2023 april solar eclipse 2024 eclipse 1994

Experience the Solar Eclipse with The Eclipse App: Your Ultimate Companion

An innovative app, tailored to enhance your observation of the total solar eclipse on April 8, 2024, has risen to prominence on the App Store. Titled simply “The Eclipse App,” it has amassed over 140,000 lifetime downloads on both iOS and Android platforms. This app serves as a comprehensive tool for experiencing the celestial event, providing features such as cloud cover forecasts, precise timing for totality at your specific location, and details on local events, parks, and viewing sites in your vicinity.

Twitter Introduces Payments for Verified Creators' Advertisements in Replies, Elon Musk Announces

Brazil Investigates Elon Musk Over X Dispute

Brazil has launched an investigation into Elon Musk over potential obstruction of justice following X’s reversal of a decision to block certain profiles in the country.