Using a malicious app installed on the target device, a security researcher has published technical details on an Arm Mali GPU vulnerability that allows for root access and arbitrary kernel code execution on Pixel 6 phones.
The problem is categorized as a use-after-free bug that affects Arm Mali GPU driver versions prior to r40p0 and is tracked as CVE-2022-38181 (CVSS score of 8.8). The problem, according to Man Yue Mo of the GitHub Security Lab, involves a special function for sending “job chains” to the GPU that also supports kernel-implemented jobs that run on the CPU.
The Android team initially assigned the flaw a “high severity” rating, but later informed the researcher that no patch would be made available and forwarded the report to the Arm team.
Read More: Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.