Security News > 2022 > November > Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws

Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws
2022-11-24 11:17

A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker.

"These fixes have not yet made it downstream to affected Android devices," Project Zero researcher Ian Beer said in a report.

"Devices with a Mali GPU are currently vulnerable."

The vulnerabilities, collectively tracked under the identifiers CVE-2022-33917 and CVE-2022-36449, concern a case of improper memory processing, thereby allowing a non-privileged user to gain access to freed memory.

The findings once again highlight how patch gaps can render millions of devices vulnerable at once and put them at risk of heightened exploitation by threat actors.

"Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible."


News URL

https://thehackernews.com/2022/11/million-of-android-devices-still-dont.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2022-36449 Use After Free vulnerability in ARM Bifrost, Midgard and Valhall
An issue was discovered in the Arm Mali GPU Kernel Driver.
network
low complexity
arm CWE-416
6.5
2022-08-02 CVE-2022-33917 Unspecified vulnerability in ARM Valhall GPU Kernel Driver R34P0
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0).
arm
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Android 5 0 18 2 0 20