Vulnerability for Adreno GPU drivers
Google's Project Zero team, which constantly looks for software vulnerabilities, has in recent months found one that affects the Adreno GPUs integrated in Qualcomm Snapdragon chips and present in almost every smartphone in circulation. The problem lies in the drivers and in how the graphics component manages processes (memory mapping), and involves KGSL (Kernel Graphics Support Layer) and the PID (Process ID). For further technical details, please refer to the post attached at the end of the article.

Adreno: vulnerability in GPUs, but an attack is unlikely

Although an attack is possible in theory, exploiting the flaw in question would require an extremely complex approach. There are currently no reports of compromises via exploits.

The issue was reported by Project Zero to Qualcomm on September 15, along with some suggestions on how to fix it. The 90 days usually allowed for a fix to be released expired on December 14. A week earlier, on December 7, the chipmaker published a fix and shared the information privately with OEM partners.

However, not everything went as planned. The update in turn introduced an additional, potentially even more serious problem, which was again identified by the Google team and reported to Qualcomm on December 10. Qualcomm responded by immediately launching an investigation, but there are no fixes on the horizon. We do not know how long it will take for a patch that permanently fixes the flaw to roll out, but it is a matter of urgency now that details of the vulnerability have been publicly disclosed.

