Google revealed a critical flaw in Qualcomm's Adreno GPU

The Google Project Zero team has publicly disclosed a security vulnerability in the Adreno GPU integrated into Qualcomm's Snapdragon chips.

Google Project Zero is one of the most highly regarded independent security research teams today. Its findings matter not only for Google's own products; they also serve to warn many large organisations and enterprises of risks before they turn into a security disaster. The case of Qualcomm's Adreno GPU is an example.

Specifically, Project Zero has publicly disclosed a vulnerability in the Adreno GPU driver used with Snapdragon chips, with a 'high' severity rating.

The vulnerability concerns how the GPU driver handles shared state. The Adreno kernel graphics support layer (KGSL) driver associates a separate page table structure with each KGSL file descriptor; this structure holds the page tables the GPU needs for context switching. The structure is keyed by the process ID (PID) of the process that opened the descriptor, and it can be reused by other KGSL descriptors opened by the same process, which saves work.

When the process that opened the descriptor (the parent) forks, the child inherits the parent's descriptor, and with it the parent's page table structure, rather than getting a new one. The structure remains keyed by the parent's PID, so once the parent exits and the kernel hands that PID to a new, unrelated process, the inherited structure can be found and shared by that process as well. In effect, this gives the child process, which could belong to an attacker, access to the other process's subsequent GPU mappings, a foothold for compromising the user's device.

Exploiting the vulnerability in practice would be a complex attack requiring considerable skill. According to Project Zero, a real-world exploit would require an attacker to recycle the PID and then trigger a process or service restart at the right moment, for example by crashing it.
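To make the mechanism described above concrete, the following is an added, constructed model of the page-table lookup and is not code from the KGSL driver or from Project Zero's report. It assumes a table keyed only by PID, descriptors inherited across fork, and the kernel recycling an exited process's PID; the sample PIDs are constructed. The first scenario plays out the sequence in the text and shows that a new process assigned the recycled PID ends up sharing the child's page table; the second is a control showing that a process with a never-used PID gets its own.

```c
#include <string.h>

#define MAX_PT 8
#define MAX_FD 16

/* Simplified model of a per-process GPU page table. The real structure
 * holds the mappings swapped in at context switch; here it is only an
 * identity with a reference count. */
typedef struct {
    int pid;     /* PID of the process the table was created for: the sole lookup key */
    int refs;    /* open KGSL descriptors that use this table */
    int in_use;
} pagetable_t;

typedef struct {
    pagetable_t *pt;
    int open;
} kgsl_fd_t;

static pagetable_t tables[MAX_PT];
static kgsl_fd_t fds[MAX_FD];

void kgsl_reset(void) {
    memset(tables, 0, sizeof tables);
    memset(fds, 0, sizeof fds);
}

static pagetable_t *find_pagetable(int pid) {
    for (int i = 0; i < MAX_PT; i++)
        if (tables[i].in_use && tables[i].pid == pid)
            return &tables[i];
    return NULL;
}

static int alloc_fd(pagetable_t *pt) {
    for (int i = 0; i < MAX_FD; i++) {
        if (!fds[i].open) {
            fds[i].pt = pt;
            fds[i].open = 1;
            pt->refs++;
            return i;
        }
    }
    return -1;
}

/* Models a process with PID `pid` opening a KGSL descriptor: an existing
 * table keyed by that PID is reused, otherwise a fresh one is allocated. */
int kgsl_open(int pid) {
    pagetable_t *pt = find_pagetable(pid);
    if (!pt) {
        for (int i = 0; i < MAX_PT && !pt; i++)
            if (!tables[i].in_use)
                pt = &tables[i];
        if (!pt)
            return -1;
        pt->pid = pid;
        pt->refs = 0;
        pt->in_use = 1;
    }
    return alloc_fd(pt);
}

/* Models fork(): the child gets a duplicate of the parent's descriptor and,
 * with it, the parent's page table rather than one of its own. */
int kgsl_fork_inherit(int fd) {
    if (fd < 0 || fd >= MAX_FD || !fds[fd].open)
        return -1;
    return alloc_fd(fds[fd].pt);
}

/* Models close(): the table survives as long as any descriptor references it. */
void kgsl_close(int fd) {
    if (fd < 0 || fd >= MAX_FD || !fds[fd].open)
        return;
    fds[fd].open = 0;
    if (--fds[fd].pt->refs == 0)
        fds[fd].pt->in_use = 0;
}

int kgsl_share_pagetable(int a, int b) {
    return fds[a].open && fds[b].open && fds[a].pt == fds[b].pt;
}

/* The sequence the article describes: parent opens the GPU, forks, exits;
 * the kernel later recycles the parent's PID for an unrelated process. */
int pid_reuse_scenario(void) {
    kgsl_reset();
    int parent_pid = 1000;                 /* constructed sample PID */
    int fd_parent = kgsl_open(parent_pid);
    int fd_child = kgsl_fork_inherit(fd_parent);
    kgsl_close(fd_parent);                 /* parent exits; child keeps the table alive */
    int fd_victim = kgsl_open(parent_pid); /* new process assigned the recycled PID */
    return kgsl_share_pagetable(fd_child, fd_victim);   /* 1: GPU mappings aliased */
}

/* Control: a process whose PID has never been used gets its own table. */
int fresh_pid_scenario(void) {
    kgsl_reset();
    int fd_child = kgsl_fork_inherit(kgsl_open(1000));
    int fd_other = kgsl_open(2000);
    return kgsl_share_pagetable(fd_child, fd_other);    /* 0 */
}
```

The point the model makes is that the table outlives the process it was keyed to whenever a child still holds the descriptor, while the lookup key (the PID) is a value the kernel will hand out again. That combination is what the attacker has to line up in practice: keep an inherited descriptor open, get the original PID recycled, and have a target process start under it, which is why Project Zero describes the attack as needing a timely process or service restart.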


Google Project Zero reported the vulnerability and the related issues to Qualcomm on September 15th, together with remediation suggestions and its standard 90-day deadline (running to December 14th) for Qualcomm to fix the problem before the details became public. On December 7th, Qualcomm completed a fix and shared it privately with OEMs, and it committed to publishing further details of the vulnerability in a public bulletin in January 2021.

While verifying the fix, Google Project Zero analysed Qualcomm's patch and found that the patch itself could introduce a new problem that could lead to kernel-level privilege escalation. Google reported this new finding to Qualcomm on December 10th; Qualcomm replied that it was investigating further.

Today, however, the deadline has expired, and in line with its disclosure policy Project Zero has published the details of the Adreno GPU driver vulnerability described above. It is not clear why Qualcomm did not ask for an additional grace period to fix the bug; had it done so, the vulnerability details would not yet be in Google's bulletin.

As things stand, the bug is now public, which puts Qualcomm in a race against time to get the fix out to devices before attackers work out how to make the most of it.
