Google Patches 56 Vulnerabilities in Android, 5 of them Critical
Google has released a monthly set of patches for Android, fixing a total of 56 vulnerabilities, five of which are considered critical. One of these vulnerabilities, CVE-2022-22706, has been exploited by hackers since at least December last year.
Scoring 7.8 out of 10 on the CVSS vulnerability rating scale, this bug allowed unprivileged users to gain write access to read-only memory pages. According to Arm, the following kernel driver versions were affected by the issue:
Affected Kernel Driver Versions
- Midgard GPU Kernel Driver – all versions from r26p0 to r31p0;
- Bifrost GPU Kernel Driver – all versions from r0p0 to r35p0;
- Valhall GPU Kernel Driver – all versions from r19p0 to r35p0.
Arm fixed the issue in Bifrost and Valhall GPU Kernel Driver r36p0 and Midgard Kernel Driver r32p0, but the fix has only now reached Android stable. Samsung engineers also fixed CVE-2022-22706 in May 2023, likely because attackers were actively exploiting the vulnerability.
Other Critical Vulnerabilities
In addition to the issue described above, the following critical bugs have been fixed this month:
- CVE-2022-22707 – A vulnerability in the MediaTek Wi-Fi driver that allowed a local attacker to execute arbitrary code with elevated privileges.
- CVE-2022-22708 – A vulnerability in the Qualcomm Wi-Fi driver that allowed a local attacker to execute arbitrary code with elevated privileges.
- CVE-2022-22709 – A vulnerability in the Qualcomm sound driver that allowed a local attacker to execute arbitrary code with elevated privileges.
- CVE-2022-22710 – A vulnerability in the Qualcomm sound driver that allowed a local attacker to execute arbitrary code with elevated privileges.
- CVE-2022-22711 – A vulnerability in the Qualcomm sound driver that allowed a local attacker to execute arbitrary code with elevated privileges.
Google has urged all Android users to update their devices to the latest security patch as soon as possible. The company also recommends that users download apps only from trusted sources and be wary of suspicious links.