Mali security flaw affects millions of Samsung phones with Exynos

Last updated: 24 November 2022 at 15:04 UTC+01:00

Millions of Samsung phones powered by Exynos, or more specifically Exynos chipsets with Mali GPUs (of which there are many), are currently vulnerable to several security exploits. One can lead to kernel memory corruption, another to physical memory addresses being exposed, and three other vulnerabilities can lead to a physical page us-after-free state.

Essentially, these vulnerabilities could allow an attacker to continue reading and writing physical pages after they have been returned to the system. Or in other words, an attacker with native code execution in an app could gain full access to the system and bypass the permission model of the Android OS. (via Google Project Zero)

ARM solved the problem, but smartphone manufacturers have not

These security flaws discovered by Project Zero were brought to the attention of ARM in June and July. ARM fixed these Mali-related security flaws a month later, but at the time of writing, no smartphone vendors have applied security patches to address these vulnerabilities.

The Mali GPU from ARM can be found in smartphones across various brands including Samsung, Xiaomi and Oppo. In fact, the exploit was initially discovered when it targeted the Pixel 6. Google has also not patched this vulnerability despite Project Zero’s efforts to bring the issue to light.

This vulnerability does not affect Samsung devices powered by the Snapdragon or Galaxy S22 series. Yes, the latter has an Exynos chipset in some markets, but it uses an Xclipse 920 graphics chip rather than a Mali GPU.

Add a Comment

Your email address will not be published. Required fields are marked *