Google warns millions of Android devices could be at risk of attack due to this flaw

app security
(Image credit: Shutterstock.com) (Image credit: Shutterstock.com)

Google has warned that Android devices around the world could be at risk of cyberattacks, partly due to the slow and cumbersome patching process. 

Cybersecurity researchers from Google’s Project Zero team discovered a total of five vulnerabilities affecting the Arm Mali GPU driver. 

The flaws have been grouped under two identifiers - CVE-2022-33917, and CVE-202236449, and they allow threat actors a myriad of options, from accessing free memory sections, to writing outside of buffer bounds. They’ve all gotten a severity score of “medium”. 

More OEMs, slower patches

The flaws have since been patched, but hardware manufacturers are yet to apply these patches on their endpoints. Unlike Apple, which is the sole creator of both hardware, and software, for the iPhone mobile ecosystem, Google is not the only company creating the software and hardware for Android.

Besides Google with its Pixel phone, there is a relatively large number of smartphone manufacturers building Android-powered devices, such as Samsung, LG, Oppo, and many others. All these companies have their own, modified versions of Android, and their own approach to hardware. That said, when a vulnerability is discovered, each original equipment manufacturer (OEM) needs to apply the patch to their own devices. That can take time, as these patches can sometimes conflict with the device’s drivers or other components.

And that’s exactly the problem here. 

The flaws affect Arm’s Mali GPU drivers codenamed Valhall, Bifrost, Midgard, and affect a long list of devices, including the Pixel 7, RealMe GT, Xiaomi 12 Pro, OnePlus 10R, Samsung Galaxy S10, Huawei P40 Pro, and many, many others. The entire list can be found here

Right now, there’s nothing users can do other than wait for their respective manufacturers to apply the patch, as it should be delivered to OEMs in a few weeks.

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
MediaTek
MediaTek reveals host of security vulnerabilities, so patch now
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
The best free firewall
Palo Alto warns another major firewall hack has been detected
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
A VPN runs on a mobile phone placed on a laptop keyboard
SonicWall firewalls hit by worrying cyberattack
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC