Google has published information about a serious vulnerability that could affect mobile devices with chipset Qualcomm’s , running the operating system All Android . The vulnerability was found in the Adreno GPU driver . The problem was discovered by Google Project Zero employees who specialize in information security issues.
In Google assigned the problem of a high threat rating, as the chipset Qualcomm millions of mobile gadgets work worldwide. The vulnerability relates to the way the Adreno GPU driver maps a user’s device structure to kernel graphics support level ( KGSL ) file descriptors . The researchers note that although they managed to attack the device using this vulnerability, the implementation of such an attack in practice is very difficult.
Google Project Zero employees informed Qualcomm about the discovered vulnerability back on September 15th . According to available information, Qualcomm created the necessary update and handed it over to OEMs without advertising this action, assuring that it will officially submit the patch in January 2021 . However, Project Zero experts believe that this update does not fully solve the problem, and recommend Qualcomm to finalize the patch before its large-scale distribution.