Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws
Nov 24, 2022
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. Google Project Zero, which discovered and reported the bugs, said Arm addressed the shortcomings in July and August 2022. "These fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo, and others)," Project Zero researcher Ian Beer said in a report. "Devices with a Mali GPU are currently vulnerable." The vulnerabilities, collectively tracked under the identifiers CVE-2022-33917 (CVSS score: 5.5) and CVE-2022-36449 (CVSS score: 6.5), concern a case of improper memory processing, thereby allowing a non-privileged user to gain access to freed memory. The second flaw, CVE-2022-36449, can be further weaponized to write outside of buffer bounds and disclose details of memory mappings, according to an advisory issued by Arm. The lis
