Security News > 2022 > November > Mali GPU ‘patch gap’ leaves Android users vulnerable to attacks

A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks.
The vulnerability impacts Arm Mali GPU kernel drivers Valhall r29p0 to r38p0.
While the severity score of the issues is medium, they are exploitable and impact a wide number of Android devices.
Mali GPU drivers are used by system-on-a-chip circuits from vendors such as MediaTek, HiSilicon Kirin, and Exyno, which power most Android devices on the market.
At the moment, the fix from Arm has not reached OEM partners and is being tested for Android and Pixel devices.
In a few weeks, Android will be delivering the patch to its partners, who are reponsible for implementing the fix.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (source)
- iOS devices face twice the phishing attacks of Android (source)
- Old Fortinet flaws under attack with new method its patch didn't prevent (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- SonicWall urges admins to patch VPN flaw exploited in attacks (source)