The ultimate goal of Google's Project Zero team is to eliminate all zero-day bugs in the world, and in light of the recent Arm GPU bug outbreak, the team has posted a blog post denouncing Android vendors for being lazy, Google's own Pixel included. In the blog post, the Project Zero team states that Android vendors did not act quickly enough to fix the Arm GPU driver bugs.
Maddie Stone, a member of the Project Zero team, discovered a bug in the Pixel 6 phone in June that allowed an unprivileged user to gain write access to read-only memory.
Another member of the team, Jann Horn, discovered several other related bugs in the Arm GPU driver three weeks later. The vulnerabilities could allow "an attacker executing native code in an app [to gain] full access to the system, bypass Android's permission model, and allow widespread access to user data".
The Project Zero team reported these issues to Arm in June and July 2022. Arm fixed them during July and August, issuing a security bulletin (CVE-2022-36449) and releasing the source code for the fix.
But for consumers, the bugs are still not fixed. The main reason for this is the various Android OEMs, Google itself included. According to the Project Zero team, months after Arm fixed the bugs, "all of our Mali test devices were still vulnerable" to the problems, and CVE-2022-36449 is not mentioned in any downstream security bulletin.
IT House understands that the list of affected Arm GPU devices is long and covers the last three generations of Arm GPU architectures (Midgard, Bifrost and Valhall), ranging from currently shipping devices back to phones from 2016. Qualcomm chips do not use Arm GPUs, but Google's Tensor SoC uses an Arm GPU in the Pixel 6, 6a and 7, while Samsung's Exynos SoCs use Arm GPUs in its mid-range phones and older international flagships such as the Galaxy S21 (but not the Galaxy S22). MediaTek's SoCs are all Arm GPU users as well, so we are talking about millions of vulnerable Android phones from almost every Android OEM.