Android security breach
A report published by Google’s Project Zero team, a group of security analysts, states that this “patch gap” directly affects the Android supply chain. This is because system security updates usually take several months to arrive.
Original equipment manufacturers need more time before implementing these fixes because they need to test them beforehand, a procedure that increases the time users must wait for the patch to finally reach their Android phone.
The Project Zero team discovered these vulnerabilities in June 2022. The two security issues are designated CVE-2022-33917 and CVE-2022-36449. The former allows an unprivileged user to improperly perform GPU operations in order to gain access to memory partitions. The flaw affects Arm Mali Valhall graphics kernel drivers r29p0 to r38p0.
CVE-2022-36449, on the other hand, allows unprivileged users to access freed memory, write outside buffer bounds, or reveal details of memory allocations, a series of problems that can put the user in a bind.
Again, we point out that this security breach affects manufacturers such as Google, OPPO, Honor, Motorola, Samsung, Huawei, Sony, Nokia and Xiaomi, so a huge number of devices in the Android ecosystem are involved in this problem. This makes the need for an update that corrects it extremely urgent.
A patch that will never come
It is important to know in advance that there is nothing the user can do to fix this vulnerability other than wait for a security patch from the vendor. However, it is quite likely that older Android devices will no longer receive the update, since they are no longer supported, so the best option would be to replace your smartphone.
Mali GPU drivers are used by chipsets like MediaTek, Kirin, Exynos, and HiSilicon, which are the predominant processors in Android with the exception of Snapdragon. The fix has not yet reached the manufacturers, who cannot do anything for now, since it is being tested first on Google's Pixel. This means that it will be a few weeks before the US company shares the update with the rest of the manufacturers.