Critical Vulnerabilities in Qualcomm’s Adreno GPU Affecting Billions of Android Devices

Google researchers have identified multiple critical security vulnerabilities within Qualcomm’s Adreno GPU, potentially affecting billions of Android devices worldwide. These vulnerabilities, if exploited, could lead to unauthorized access and control over affected devices, posing a significant risk to users’ data and privacy.

Qualcomm, a leading manufacturer of mobile processors and wireless chipsets, has confirmed the existence of these vulnerabilities in its latest security bulletin. The company has been working closely with Android device manufacturers to develop and deploy necessary patches to mitigate the risks associated with these flaws.

Details of the Vulnerabilities

Security researchers identified vulnerabilities primarily associated with Qualcomm’s proprietary software used in the Adreno GPU.

These issues have been categorized as high-impact, with several receiving a critical security rating. The vulnerabilities span multiple technology areas, including the Multi-Mode Call Processor, Hypervisor, and HLOS (High-Level Operating System).

According to the Qualcomm report, The vulnerabilities impact many popular Android smartphones and tablets, including devices from Samsung, Google, Xiaomi, OnePlus, and many other manufacturers that utilize Qualcomm’s Adreno GPU in their chipsets.

Qualcomm has published a list of affected chipsets in its security bulletin, urging device manufacturers to integrate the provided patches into their firmware updates promptly.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

High Severity Key Vulnerabilities

  • CVE-2024-23350: A critical vulnerability in the Multi-Mode Call Processor that could lead to a Denial of Service (DoS) attack.
  • CVE-2024-21481: A high-severity vulnerability in the Hypervisor that results in memory corruption during shared memory notification preparation.
  • CVE-2024-23352: Another critical issue in the Multi-Mode Call Processor, where an infinite loop condition could be triggered, leading to a transient DoS.
  • CVE-2024-23353: A vulnerability involving a buffer over-read in the Multi-Mode Call Processor, potentially causing a transient DoS while decoding certain network messages.

Additional Vulnerability in Audio Processing Component

Researchers have also uncovered a buffer over-read flaw in Qualcomm’s audio processing component, CVE-2024-21479, which can lead to a transient denial-of-service (DOS) condition during the playback of ALAC audio content.

Impact and Response

The vulnerabilities affect many Qualcomm chipsets, including popular ones like the Snapdragon 8 Gen 3 Mobile Platform and various 5G Modem-RF Systems. Given the extensive use of Qualcomm chipsets in Android devices, the potential impact is vast, affecting billions of users worldwide.

Qualcomm has acknowledged these vulnerabilities and is actively working with Original Equipment Manufacturers (OEMs) to distribute patches. Users are strongly advised to update their devices when patches become available to mitigate potential risks.

Qualcomm has acknowledged the existence of these vulnerabilities and is currently collaborating with Original Equipment Manufacturers (OEMs) to deploy patches. It is highly recommended that users update their devices as soon as patches are released in order to reduce potential risks.

Qualcomm has expressed appreciation to the researchers who reported these issues and is collaborating with industry partners to ensure prompt updates.

The company engages in collaboration with the Google Android Security team to effectively address and resolve these vulnerabilities in a comprehensive manner.

The identification of these vulnerabilities highlights the significance of implementing strong security protocols during the software development process and the necessity for ongoing monitoring and awareness within the technology sector.

It is recommended that users actively stay updated on security updates and take measures to safeguard their devices against potential threats.

Also Read:

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Co-Founder & Editor-in-Chief - Cyber Press Inc.,

Recent Articles

Related Stories

LEAVE A REPLY

Please enter your comment!
Please enter your name here