Several critical vulnerabilities affecting Mali Graphics Processing Units (GPUs) have surfaced, allowing hackers to exploit flaws in GPU drivers to gain full control of devices.
The vulnerabilities tracked as CVE-2022-22706 and CVE-2021-39793, expose millions of devices to privilege escalation attacks, enabling attackers to bypass security mechanisms, manipulate memory permissions, and execute arbitrary code as a root user.
At the core of the issue is the kbase_jd_user_buf_pin_pages() function in the Mali GPU kernel driver.
This function, responsible for managing GPU operations and memory buffer permissions, fails to correctly enforce permission flags.
Specifically, it checks only the KBASE_REG_GPU_WR flag (representing GPU write access) and ignores the KBASE_REG_CPU_WR flag (indicating CPU write access).
This oversight opens the door for malicious applications to gain write access to read-only memory regions, granting privileges they should not have. The affected drivers include the following versions:
According to the Star Labs Report, Researchers demonstrated how these vulnerabilities are exploited to gain root access:
Exploit Steps
Here’s code from the patched driver highlighting the fixed vulnerability:
@@ -1683,7 +1683,8 @@
kbase_jd_user_buf_unmap(kctx, reg->gpu_alloc,
- (reg->flags & KBASE_REG_GPU_WR));
+ (reg->flags & (KBASE_REG_CPU_WR | KBASE_REG_GPU_WR)));
The fix introduces the KBASE_REG_CPU_WR flag check alongside KBASE_REG_GPU_WR, ensuring both CPU and GPU write permissions are validated.
The exploit underscores the severity of hardware-level vulnerabilities. Attackers leveraging this technique can:
A key demonstration of the attack involved achieving a root reverse shell, bypassing SELinux enforcement and using malicious payloads to hijack system processes like vold and init.
The following Termux output shows how the exploit originates from an unprivileged app user:
~ $ cat /proc/self/attr/current
u:r:untrusted_app_27:s0:c222,c256,c512,c768
~ $ id
uid=10222(u0_a222) gid=10222(u0_a222) groups=10222(u0_a222),3003(inet),9997(everybody)
The vulnerabilities in Mali GPU drivers serve as a stark reminder of the growing sophistication of hardware-level exploits.
The phrase “Hackers Can Exploit GPU Flaws to Gain Full Control of Your Device” is no longer a hypothetical scenario—it’s a reality that underscores the importance of timely security updates and heightened user vigilance.
If you’re using a device with Mali GPU drivers, take immediate action to update your software or patch the vulnerabilities to safeguard your data and privacy.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…