Phones
[U: Fix coming] Critical Mali GPU threat affected Samsung Exynos phones
[November 29] Update: Fix coming
According to 9to5Google, Google promised that a fix for Mali GPU-related exploit is currently in testing and will be delivered in the “coming weeks.” In a statement from the Android and Pixel teams, the company said that the patch will also be required for Android partners.
‘The fix provided by Arm is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks. Android OEM partners will be required to take the patch to comply with future SPL requirements.”
Follow Sammy Fans on Google News
[November 25] Initial story…
On November 22nd, the Google Project Zero team discovered multiple security vulnerabilities/threats that affect various Samsung devices, specifically, Exynos chipset-powered devices with Mali GPU.
Join Sammy Fans on Telegram
Among the discovered vulnerabilities, one can lead to kernel memory corruption. Not that all, but the other threats can leak physical memory addresses, and three others can lead to a physical page us-after-free condition.
In general, if your Samsung Exynos device is affected by any of these Mali vulnerabilities/threats, an attacker who executes native code in an app can gain full access to the system and bypass the permission model of the OS.
Google’s Project Zero team in their blog post said that these vulnerabilities can let attackers continue reading and writing physical pages after returning to the system.
Notably, Google’s Project Zero team initially discovered these flaws while investigating Pixel 6 devices. Thankfully, all the Snapdragon processor-powered Galaxy models are unaffected by these vulnerabilities.
Back in July, ARM spotted these Mali-related security flaws, however, any smartphone maker didn’t patch to address them. As Project Zero has finally discovered the issue in Android, hopefully, the patches will be coming next month.
Apart from Samsung, ARM-made Mali GPUs are also used in Xiaomi and OPPO smartphones. Hence, some of the Xiaomi and OPPO devices could also be affected by these Mali-related security flaws.