Tech »  Topic »  Hackers Can Exploit GPU Flaws to Gain Full Control of Your Device

Hackers Can Exploit GPU Flaws to Gain Full Control of Your Device


Several critical vulnerabilities affecting Mali Graphics Processing Units (GPUs) have surfaced, allowing hackers to exploit flaws in GPU drivers to gain full control of devices.

The vulnerabilities tracked as CVE-2022-22706 and CVE-2021-39793, expose millions of devices to privilege escalation attacks, enabling attackers to bypass security mechanisms, manipulate memory permissions, and execute arbitrary code as a root user.

Technical Breakdown: How the Flaw Works

At the core of the issue is the kbase_jd_user_buf_pin_pages() function in the Mali GPU kernel driver.

This function, responsible for managing GPU operations and memory buffer permissions, fails to correctly enforce permission flags.

Specifically, it checks only the KBASE_REG_GPU_WR flag (representing GPU write access) and ignores the KBASE_REG_CPU_WR flag (indicating CPU write access).

This oversight opens the door for malicious applications to gain write access to read-only memory regions, granting privileges they should not have. The affected drivers include the following versions:

  • Midgard GPU Kernel Driver: r26p0 ...

Copyright of this story solely belongs to gbhackers . To see the full text click HERE