Millions of Samsung phones utilising Exynos chipsets, or more specifically Exynos chipsets with Mali GPUs, are now vulnerable to several security issues (of which there are many). One vulnerability may lead to a physical page us-after-free scenario, while another may expose physical memory locations. Kernel memory corruption is a consequence of three other vulnerabilities.
In essence, these issues might allow an attacker to access physical pages and continue to read and write to them after they have been returned to the system. Or, to put it another way, a hacker with native code execution in an app may seize total control of the device and bypass the permission architecture of the Android operating system.
ARM was made aware of these security holes by Project Zero in the months of June and July. A month later, ARM patched these Mali-related security weaknesses, but as of the time of this writing, no smartphone OEMs had done the same.
Samsung, Xiaomi, and Oppo are just a few of the smartphone manufacturers who use the ARM Mali GPU. In actuality, the Pixel 6 was the target of the exploit’s initial discovery. Despite Project Zero’s efforts to raise awareness of the issue, Google hasn’t also addressed this vulnerability.
The Galaxy S22 series and Snapdragon-powered Samsung devices are unaffected by this issue. Although the latter employs an Xclipse 920 graphics chip rather than the Mali GPU, it does have an Exynos chipset in select areas.
