A known security vulnerability in Mali GPU could affect millions of Android devices as it remains unpatched as reported by Google.

As reported first by 9to5Google, Google Project Zero has highlighted a security vulnerability known as CVE-2022-33917 affecting only Mali GPUs. The platform is found on non-Snapdragon Android devices most notably Samsung Exynos chipsets, and Google’s Tensor chipsets. Mediatek Dimensity devices from OPPO, Xiaomi. According to developer ARM, this vulnerability allows attackers to gain access to freed memory. Google added that “…by forcing the kernel to reuse these pages as page tables, an attacker with native code execution in an app context could gain full access to the system…”.

ARM has already been informed of the vulnerability by Project Zero as early as July this year. On their official site, ARM has stated that they have already fixed the vulnerability on their end. However, security measures are yet to been taken by smartphone developers like Samsung, Google and the rest. A statement on 27th November by both Android and Pixel teams stated a fix is currently under testing. It was stated that the fix will be available to all “in the coming weeks”. Two weeks on since then, no further updates have been provided.

Source: 9to5Google, PhoneArena, SamMobile