Due to the slow and heavy patching process, millions of Android devices are vulnerable to cyberattacks. Research from Google’s Project Zero team has identified five vulnerabilities affecting devices with Arm Mali GPUs. You read that right, and this GPU is almost found on all Android devices from most smartphone manufacturers.
The researchers have categorized the vulnerabilities in CVE-2022-33917 and CVE-2022-36449. According to the report, the CVE-2022-33917 can allow attackers to control GPU processing to gain access to the free memory section. While the CVE-2022-36449 can enable attackers to access freed memory, disclose memory mappings details, and write outside of buffer bounds.
A vulnerability has been reported in Mali GPU drivers with the codenames Midgard, Bifrost, and Valhall. These GPUs are used in the following devices.
Smartphones With Valhall Drivers
- Google Pixel 7
- Asus ROG Phone 6
- Redmi Note 11 and 12
- Honor 70 Pro
- RealMe GT
- Xiaomi 12 Pro
- Oppo Find X5 Pro
- Reno 8 Pro
- Motorola Edge
- OnePlus 10R
Smartphones With Bifrost Drivers
-
- Samsung Galaxy S10
- Samsung Galaxy S9
- Samsung Galaxy A51
- Samsung Galaxy A71
- Redmi Note 10
- Huawei P30
- Huawei P40 Pro
- Honor View 20
- Motorola Moto G60S
- Realme 7
Smartphones With Midgard Drivers
- Samsung Galaxy S7
- Samsung Galaxy Note 7
- Sony Xperia X XA1
- Huawei Mate 8
- Nokia 3.1
- LG X
- Redmi Note 4
Rather than waiting for vendors to release necessary patches and monitor potential threats, the report suggests users can’t do anything to avoid the vulnerability. According to the report, ARM is yet to send the fix to the OEM partners, and it’s testing the fix for Android and Pixel devices. It is expected that the patch will be released within the next few weeks.