Security News > 2022 > November > Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker.
"These fixes have not yet made it downstream to affected Android devices," Project Zero researcher Ian Beer said in a report.
"Devices with a Mali GPU are currently vulnerable."
The vulnerabilities, collectively tracked under the identifiers CVE-2022-33917 and CVE-2022-36449, concern a case of improper memory processing, thereby allowing a non-privileged user to gain access to freed memory.
The findings once again highlight how patch gaps can render millions of devices vulnerable at once and put them at risk of heightened exploitation by threat actors.
"Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible."
|2022-09-01||CVE-2022-36449|| Use After Free vulnerability in ARM Bifrost, Midgard and Valhall |
An issue was discovered in the Arm Mali GPU Kernel Driver.
| 6.5 |
|2022-08-02||CVE-2022-33917|| Unspecified vulnerability in ARM Valhall GPU Kernel Driver R34P0 |
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0).
| 0.0 |