Mali GPU ‘Patch Gap’ Leaves Android Users Vulnerable To Attacks
Five Unpatched Flaws In Arm’s Mali GPU Driver Are Leaving Android Users At Risk.
Millions of Android devices remain exposed to five exploitable flaws in Arm’s Mali GPU driver, even though the vendor patched them months ago.
The list of vulnerable devices includes many well-known names, including ones made by Google and Samsung. Although a security fix is still on the way at the time of writing, it’s good to know that some major vendors have released patches.
Project Zero, a team at Google that searches for and reports security problems in consumer products, recently highlighted the “patch gap” plaguing Android devices. It typically takes several months for firmware updates to work their way through the supply chain to devices.
Original Equipment Manufacturers need time to test and implement the fixes into their devices, a process that prolongs the time before the update reaches end-user devices.
The ‘Patch Gap’ Flaws and Their Impact
CVE-2022-33917 is a vulnerability that allows a non-privileged user to perform improper GPU processing operations to gain access to freed memory sections. It impacts Arm Mali GPU kernel drivers Valhall r29p0 through r38p0.
The second identifier, CVE-2022-36449, covers issues that allow a non-privileged user to gain access to freed memory, write outside of buffer bounds, and disclose details of memory mappings.
This issue impacts the Arm Mali GPU kernel drivers Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
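As an added example (not from Arm, Google or the original article), the following Python sketch checks a Mali kernel driver release string against the affected ranges quoted above. The family names, function names and sample release strings are assumptions made for illustration; a release outside the listed ranges comes back with no matches, which means "not listed here", not "confirmed fixed".

```python
import re

# Affected ranges exactly as quoted in the article: (CVE, family, first, last), inclusive.
AFFECTED_RANGES = [
    ("CVE-2022-33917", "valhall", "r29p0", "r38p0"),
    ("CVE-2022-36449", "midgard", "r4p0", "r32p0"),
    ("CVE-2022-36449", "bifrost", "r0p0", "r38p0"),
    ("CVE-2022-36449", "valhall", "r19p0", "r38p0"),
]
# The article names r39p0 separately ("r39p0 before r38p1"), so it is listed as
# affected on its own even though r38p1, the fixed release, has a lower number.
AFFECTED_SINGLE = [
    ("CVE-2022-36449", "bifrost", "r39p0"),
    ("CVE-2022-36449", "valhall", "r39p0"),
]

_RELEASE = re.compile(r"r(\d+)p(\d+)")


def parse_release(text):
    """Turn 'r38p1' (or 'r32p0-01eac0', constructed sample) into (38, 1)."""
    match = _RELEASE.match(text.strip().lower())
    if match is None:
        raise ValueError(f"not a Mali release string: {text!r}")
    return int(match.group(1)), int(match.group(2))


def affected_cves(family, release):
    """Return the sorted CVE ids whose quoted range covers this driver release."""
    fam = family.strip().lower()
    rel = parse_release(release)  # numeric tuple, so r9p0 sorts before r10p0
    hits = set()
    for cve, range_family, first, last in AFFECTED_RANGES:
        if range_family == fam and parse_release(first) <= rel <= parse_release(last):
            hits.add(cve)
    for cve, single_family, single in AFFECTED_SINGLE:
        if single_family == fam and parse_release(single) == rel:
            hits.add(cve)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed inventory of (driver family, release) pairs.
    for family, release in [("Valhall", "r38p0"), ("Bifrost", "r39p0"),
                            ("Bifrost", "r38p1"), ("Midgard", "r32p0-01eac0")]:
        print(family, release, affected_cves(family, release) or "not in listed ranges")
```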
The vulnerabilities detailed in this report can be used to exploit specific Android devices, leading to service disruptions. The severity of these issues is medium.
Google Pixel 7, Asus ROG Phone 6, Redmi Note 11, 12, Honor 70 Pro, RealMe GT, Xiaomi 12 Pro, Oppo Find X5 Pro, and Reno 8 Pro all have Mali G710, G610, and G510 chips inside them.
Bifrost drivers are used in the older (2018) Mali G76, G72, and G52 chips. They’re on Samsung Galaxy S10, S9, A51, and A71; Redmi Note 10, Huawei P30 and P40 Pro; Honor View 20, Motorola Moto G60S, and Realme 7.
The Midgard driver is used with the Mali T800 and T700 series chips, most notably found inside the Samsung Galaxy S7 and Note 7, Sony Xperia X XA1, Huawei Mate 8, Nokia 3.1, LG X, Redmi Note 4, and more.
Older products (e.g., those on Midgard) are not likely to be included in any more fixes, so they should be replaced with newer models.
Most Android devices use Mali GPU drivers. This includes devices from MediaTek, HiSilicon, and Samsung.
The Arm fix for Spectre and Meltdown has yet to be delivered to all OEM partners but is being tested on Android and Pixel devices. In a few weeks, Android will provide the fix to its partnering OEMs responsible for implementing the fixes.
Google Project Zero says that security teams will have to remain vigilant in their efforts until there’s a better way to sync patches and updates.
Minimizing the ‘patch gap’ for a vendor in these scenarios is arguably more critical, as it allows end users (or other vendors downstream) to receive the security benefits of the patch.