#Google and #Arm have collaborated to improve #GPU security, particularly focusing on the widely used Mali GPU, to protect Android devices from vulnerabilities that can lead to privilege escalation.
- Importance of GPUs: GPUs are critical for mobile visual experiences but can expose devices to security risks through their software and firmware stacks.
- Vulnerability Investigation: The Android Red Team and Arm aim to proactively identify and address #vulnerabilities in GPU kernel modules, which are often written in memory-unsafe languages like C.
- Recent Initiatives:
- Kernel Driver Testing: Fuzzing revealed memory issues (CVE-2023-48409, CVE-2023-48421) in the Mali #kernel driver, which were quickly patched.
- Firmware Testing: A multi-faceted approach uncovered CVE-2024-0153, a buffer overflow in GPU firmware, which was also remediated swiftly.
- Time to Patch: To combat active exploitation, the teams developed nine new Security Test Suite tests to help partners ensure timely patching.
- Future Directions: Arm is launching a bug bounty program to enhance vulnerability detection and maintain ongoing collaboration with the Android Red Team to strengthen GPU security across the ecosystem.
This partnership represents a significant effort to bolster the security of Android devices while maintaining high performance.