Since there is no perfect product, vulnerabilities will be found in the software and hardware of information products from time to time, so the update mechanism of manufacturers has become important. Recently, the Google team discovered the vulnerability of ARM Mali GPU, but even Google itself Its mobile phones have not yet patched up the loopholes.
▲ Google Pixel 7 Pro。
Project Zero is a team of security researchers at Google. On November 22, they disclosed on the team’s blog that they discovered five security vulnerabilities in the ARM Mali GPU driver between June and July this year. , and reported to ARM. After ARM knew the situation, it quickly announced in July and August, and released an update to fix the vulnerability.
The affected Mali GPU models include G710, G610, G510, G76, G72, G52, T800, T700, and then Project Zero began to continuously monitor the security updates issued by the manufacturer and found that all products using ARM Mali GPUs so far are still Not yet patched, including Google Pixle 7 with Mali G710.
One of the five vulnerabilities will cause kernel memory corruption, one will leak physical memory locations to user space that applications can read, and the other three are related to the use of freed memory. Read and write physical pages.
Fortunately, Google has begun testing the repair files provided by ARM. Pixel phones will be pushed through updates in the next few weeks, and Google has incorporated this update into the cumulative requirements of the Security Patch Level (SPL). Others The vendor’s upcoming security updates will patch this vulnerability.
Citation source: Project Zero