A set of five medium-severity security flaws in Arm’s Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker.
According to Google Project Zero, which found and reported the bugs, Arm fixed the issues in July and August of 2022. Project Zero researcher Ian Beer stated in a report that “these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo, and others).” “Mali GPU-equipped devices are currently vulnerable.”
Also Read: Strategies for Enterprises to Reduce Their Risk of Being in a Supply Chain Attack
The flaws, which are collectively tracked as CVE-2022-33917 (CVSS score: 5.5) and CVE-2022-36449 (CVSS score: 6.5), involve an instance of incorrect memory processing that gives a non-privileged user access to freed memory.
Read More: Millions of Android Devices Still Don’t Have Patches for Mali GPU Flaws
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.