Google Researchers Uncover Multiple Qualcomm Adreno GPU Driver Vulnerabilities

TapTechNews August 12th news, according to foreign media Wired report, three Google security researchers demonstrated more than 9 Qualcomm Adreno GPU driver vulnerabilities at the DEFCON 32 security conference held in Las Vegas, the US on the 9th local time this month.

TapTechNews learned that the Adreno GPU driver is responsible for coordinating the communication between the GPU hardware and operating systems such as Android, and has deep privileges in the system kernel.

And applications on Android phones can communicate directly with the Qualcomm Adreno GPU driver without sandboxing or additional permission checks. An attacker can use the vulnerabilities found by the researchers to completely control the memory of the affected device, and then take over the entire device.

Google's Android security red team manager, XuanXing, said:

Compared to the huge Android ecosystem, we are just a small team - our work scope is too large to cover everything, so we must figure out which aspects will have the greatest impact.

So why do we focus on the GPU driver in this case? Because untrusted applications do not need any permissions to access the GPU driver. This is very important and I think it will attract the attention of many attackers.

The Qualcomm spokesperson confirmed to foreign media that Qualcomm has provided relevant vulnerability patches to OEM manufacturers in May 2024, and Qualcomm encourages end-users to obtain and apply these patches from the device manufacturer.