A established of five medium-severity security flaws in Arm’s Mali GPU driver has ongoing to keep on being unpatched on Android products for months, in spite of fixes unveiled by the chipmaker.
Google Challenge Zero, which identified and described the bugs, reported Arm addressed the shortcomings in July and August 2022.
“These fixes have not yet manufactured it downstream to impacted Android equipment (which include Pixel, Samsung, Xiaomi, Oppo, and other individuals),” Venture Zero researcher Ian Beer stated in a report. “Units with a Mali GPU are at present vulnerable.”
The vulnerabilities, collectively tracked below the identifiers CVE-2022-33917 (CVSS score: 5.5) and CVE-2022-36449 (CVSS score: 6.5), problem a scenario of improper memory processing, therefore allowing a non-privileged person to attain access to freed memory.
The 2nd flaw, CVE-2022-36449, can be further more weaponized to generate outside of buffer bounds and disclose information of memory mappings, in accordance to an advisory issued by Arm. The checklist of afflicted motorists is down below –
- Valhall GPU Kernel Driver: All versions from r29p0 – r38p0
- Midgard GPU Kernel Driver: All versions from r4p0 – r32p0
- Bifrost GPU Kernel Driver: All variations from r0p0 – r38p0, and r39p0
- Valhall GPU Kernel Driver: All variations from r19p0 – r38p0, and r39p0
The results at the time yet again emphasize how patch gaps can render millions of devices susceptible at after and put them at risk of heightened exploitation by danger actors.
“Just as users are advised to patch as promptly as they can as soon as a release containing security updates is accessible, so the same applies to vendors and firms,” Beer said.
“Firms will need to stay vigilant, adhere to upstream resources intently, and do their greatest to provide total patches to buyers as before long as feasible.”
Observed this write-up intriguing? Comply with THN on Fb, Twitter and LinkedIn to read through more distinctive written content we article.
Some pieces of this report are sourced from: