Non-Snapdragon devices at risk from GPU exploits that have already been patched - Android Police

ARM issued fixes agelong ago, but manufacturers person yet to walk them along

No codification is perfect, but erstwhile gaps are recovered that attackers tin instrumentality vantage of, there's ever a accidental it could unfastened the floodgates for an unauthorized 3rd enactment to summation afloat entree to your devices. Luckily, it usually ne'er comes to that, arsenic these vulnerabilities are patched earlier catastrophe strikes, oregon rapidly patched if it does. This is wherefore timely information patches are important connected the best Android phones. That said, if your phone's utilizing a Mali GPU, you mightiness privation to instrumentality other attraction for the adjacent portion arsenic plugs for immoderate recently-disclosed information holes are inactive making their mode crossed devices..

Google's Project Zero information probe squad has a blog post detailing exploits it recovered based wrong Arm's Mali GPU driver. Mobile chipsets from the likes of Samsung (Exynos), Google (Tensor), and MediaTek that see the GPU whitethorn beryllium affected — not truthful overmuch those owning devices moving a Snapdragon SoC arsenic those diagnostic Qulacomm's ain Adreno GPU design.

Project Zero says 1 of its members performed an audit connected the Mali GPU operator aft a erstwhile exploit it recovered was patched — they gave a presumption connected the vulnerability astatine FirstCon22 successful June.

Google says that it reported these 5 issues to ARM months agone and they were promptly disclosed and fixed successful the driver's source. Yet, aboriginal downstream investigating had revealed that the fixes person not made it to idiosyncratic builds, resulting successful phones that are inactive susceptible adjacent contiguous — contempt the information that ARM fixed these issues arsenic aboriginal arsenic July. Even caller Tensor-equipped Google Pixel phones are affected.

The purpose of the station is to get OEMs to "mind the spot gap" and bash their champion to rotation retired information fixes to users arsenic soon arsenic possible. With a nationalist callout similar this, your phone's shaper whitethorn beryllium nether unit to walk on the patches — fixed your phone's shaper cares, of course.

The vulnerabilities are listed nether CVE-2022-33917.