Android Fixes Mali GPU Vulnerability Used by Spyware

by Emma Davis
June 8, 2023
Mali GPU vulnerability
Written by Emma Davis

Google released a monthly set of patches for Android, fixing a total of 56 vulnerabilities, five of which are considered critical, and one vulnerability known as the Mali GPU has been used by hackers since at least December last year.

Let me remind you that we wrote that Mali GPU Driver Vulnerabilities Threaten Millions of Devices, and also that NVIDIA Released Update That Fixes Ten Vulnerabilities in Windows GPU Drivers.

Also, information security specialists noted that Spyware Developers Ready to hack iOS and Android for 8 million euros.

The developers have provided some details on exploiting the CVE-2022-22706 issue found in Arm’s Mali GPU driver.

According to researchers from the Google Threat Analysis Group (TAG), this issue may have had limited, focused use in spyware campaigns targeting Samsung phones.

The campaigns were targeted and the attackers took advantage of the large time window that occurred between the release of the patch and its full rollout on end user devices.the TAG researchers said.

Scoring 7.8 out of 10 on the CVSS vulnerability rating scale, this bug allowed unprivileged users to gain write access to read-only memory pages. According to Arm, the following kernel driver versions are affected by the issue:

  1. Midgard GPU Kernel Driver – all versions from r26p0 to r31p0;
  2. Bifrost GPU Kernel Driver – all versions from r0p0 to r35p0;
  3. Valhall GPU Kernel Driver – all versions from r19p0 to r35p0.

That being said, Arm fixed the issue back in Bifrost and Valhall GPU Kernel Driver r36p0 and Midgard Kernel Driver r32p0, but the fix has made it to Android stable just now.

It’s also worth noting that Samsung engineers fixed CVE-2022-22706 in May 2023. Apparently, the company’s quick response was due to the active exploitation of this vulnerability by attackers.

In addition to the issue described above, the following critical bugs have been fixed this month:

  1. CVE-2023-21127 – Android Framework remote code execution affecting Android 11, 12, and 13 (fixed in security level 2023-06-01).
  2. CVE-2023-21108 – Android System remote code execution affecting Android 11, 12, and 13 (fixed in security level 2023-06-01).
  3. CVE-2023-21130 – Android System remote code execution affecting Android 13 (fixed in security level 2023-06-01).
  4. CVE-2022-33257 – Unknown Critical Vulnerability Affecting Closed Source Qualcomm Components (patched at security level 2023-06-05).
  5. CVE-2022-40529 – An unknown type of critical vulnerability affecting closed source Qualcomm components (fixed at security level 2023-06-05).
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending