#Google and #Arm have collaborated to improve #GPU security, particularly focusing on the widely used Mali GPU, to protect Android devices from vulnerabilities that can lead to privilege escalation.

- Importance of GPUs: GPUs are critical for mobile visual experiences but can expose devices to security risks through their software and firmware stacks.

- Vulnerability Investigation: The Android Red Team and Arm aim to proactively identify and address #vulnerabilities in GPU kernel modules, which are often written in memory-unsafe languages like C.

- Recent Initiatives:

- Kernel Driver Testing: Fuzzing revealed memory issues (CVE-2023-48409, CVE-2023-48421) in the Mali #kernel driver, which were quickly patched.

- Firmware Testing: A multi-faceted approach uncovered CVE-2024-0153, a buffer overflow in GPU firmware, which was also remediated swiftly.

- Time to Patch: To combat active exploitation, the teams developed nine new Security Test Suite tests to help partners ensure timely patching.

- Future Directions: Arm is launching a bug bounty program to enhance vulnerability detection and maintain ongoing collaboration with the Android Red Team to strengthen GPU security across the ecosystem.

This partnership represents a significant effort to bolster the security of Android devices while maintaining high performance.