Android Update Addresses Mali GPU Bug Exploited as Zero-Day

June 6, 2023

Google has recently rolled out its monthly security update for the Android platform, which includes fixes for a total of 56 vulnerabilities. Among these, five are rated as critical in severity, and one has been actively exploited since at least last December. The security patch level 2023-06-05 incorporates a fix for CVE-2022-22706, a high-severity vulnerability found in the Mali GPU kernel driver developed by Arm. Google's Threat Analysis Group (TAG) suspects that this flaw may have been used in a spyware campaign specifically targeting Samsung smartphones. Google's latest bulletin states, "There are indications that CVE-2022-22706 may be under limited, targeted exploitation."

The United States Cybersecurity and Infrastructure Security Agency (CISA) also emphasized the active exploitation of CVE-2022-22706 in an advisory published in late March. This high-severity security issue, with a score of 7.8 out of 10, enables non-privileged users to obtain write access to read-only memory pages. Arm has identified that the issue affects the following kernel driver versions: Arm resolved the problem in Bifrost and Valhall GPU Kernel Driver r36p0 and in Midgard Kernel Driver r32p0. However, the fix has only now been incorporated into the stable version of Android.

It is important to note that Samsung had already addressed CVE-2022-22706 in its May 2023 update. The company's prompt response to the active exploitation of this vulnerability is likely attributable to the fact that its users were explicitly targeted by the spyware campaign. The critical-severity vulnerabilities fixed in this month's Android update include:

Android devices running version 10 or older are no longer supported and will not receive this security update. Users of outdated devices should be aware of the risks and potential impacts. They are advised to either switch to a newer, actively supported Android model or opt for a third-party Android distribution that continues to provide security fixes, albeit with a delay.
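The patch levels and support cutoff described above can be checked per device; the following is an added example, not part of the original article, that classifies a device from three properties read with `adb shell getprop`. The function names and the Samsung level string `2023-05-01` are assumptions, and the script does not check whether the device actually has a Mali GPU.

```shell
#!/bin/sh
# Added example (not from the article): triage one device for CVE-2022-22706
# using three Android system properties.

FIX_LEVEL="2023-06-05"          # patch level the article says carries the fix
SAMSUNG_FIX_LEVEL="2023-05-01"  # ASSUMPTION: level string after Samsung's May 2023 update

# Turn YYYY-MM-DD into the integer YYYYMMDD; prints nothing if malformed.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
    esac
}

# triage MANUFACTURER ANDROID_RELEASE SECURITY_PATCH  (hypothetical helper)
# Prints one of: PATCHED, MISSING_FIX, UNSUPPORTED, UNKNOWN
triage() {
    manufacturer=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    major=${2%%.*}                      # "8.1.0" -> "8"
    have=$(level_to_int "$3")
    case "$major" in ''|*[!0-9]*) echo UNKNOWN; return ;; esac
    [ -n "$have" ] || { echo UNKNOWN; return; }

    need=$(level_to_int "$FIX_LEVEL")
    [ "$manufacturer" = samsung ] && need=$(level_to_int "$SAMSUNG_FIX_LEVEL")

    if [ "$have" -ge "$need" ]; then
        echo PATCHED
    elif [ "$major" -le 10 ]; then
        echo UNSUPPORTED                # article: Android 10 and older get no update
    else
        echo MISSING_FIX                # supported release, update not yet installed
    fi
}

# Live use against the device currently attached over adb (hypothetical helper).
triage_adb() {
    triage "$(adb shell getprop ro.product.manufacturer | tr -d '\r')" \
           "$(adb shell getprop ro.build.version.release | tr -d '\r')" \
           "$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
}
```

The patch level string is self-reported by the vendor build, so treat PATCHED as "claims the fix" rather than as proof that the driver was updated.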
