Software is not the only thing that opens holes in your digital life; hardware vulnerabilities can also affect your security. This is the case for Android devices that run on Mali graphics processors (GPUs) from Arm.
According to a new report from Google Project Zero, five exploitable vulnerabilities are open and unpatched in the Mali GPU driver. Arm Holdings, owner of Mali, has already released a patch to mitigate the problem; however, the Project Zero team makes it clear that the five vulnerabilities remain unpatched.
This means that potentially millions of Android users with devices from brands such as Samsung, Xiaomi and Motorola are susceptible to targeted attacks.
What an Attacker Can Accomplish
One of the flaws, tracked as CVE-2022-033917, allows a user without system privileges to perform improper operations on the GPU and gain access to sections of memory.
Another flaw, CVE-2022-36449, allows a cybercriminal to access freed memory (memory that is no longer available in the system), as well as to write data to the buffer and obtain memory mapping details.
In summary, this allows an attacker to obtain more detailed information about the functioning of the device and the victim’s memory usage pattern.
Unfortunately, there is no action for users to take.
Although the vulnerabilities received a “medium” impact rating, this loophole allows further cascading attacks to follow, for example phishing or extortion scams that use the collected information.
Unfortunately, there is no action that users of Android phones with a Mali GPU can take, other than waiting for the company responsible for the processor to quickly release a patch that works.
However, in a few weeks, Google should release an Android patch aimed at the manufacturers responsible for the correction.