
Smartphones vulnerable due to Qualcomm GPU drivers, Google discovers

Android drivers for the Qualcomm Adreno GPU had at least nine vulnerabilities. Numerous smartphones were vulnerable for a long time.

This was revealed by three Google researchers at the Defcon event in Las Vegas last week. They had previously informed Qualcomm about the vulnerabilities, all of which have been patched since May 2024.

Qualcomm uses Adreno GPUs in its Snapdragon SoCs, which are in the vast majority of high-end Android devices. While attention to vulnerabilities has focused mainly on those of CPUs and software, the GPU route appears to be increasingly attractive to attackers.

High privileges

The focus of computation has been shifting for some time. GPUs, which usually have (tens of) thousands of smaller cores, are taking over the grunt work of many tasks from CPUs. AI workloads are an example of this within datacenters, with GPU compute for generative AI working significantly faster and scaling far better than on a conventional central processor. Smartphone apps are also joining this trend, albeit on a smaller scale. GPU acceleration has now gone beyond pixel generation to drive additional functionality and computation within apps.

That has a downside. Whereas the attack path through the CPU has been steadily narrowed through research and patching, such a process has been largely absent for the GPU. Because GPU drivers have direct access to memory with kernel privileges, they are potentially very attractive for abuse. Attackers who target vulnerabilities within these drivers gain access to the smartphone at a deep, privileged level.

Open-source

Qualcomm’s Adreno software is open-source. This allowed the Google researchers to examine the code without hindrance. They found nine possible attack vectors, each created by the complex interconnectivity of GPU functions. However, such exploits were only possible if an attacker already had access to a user’s phone.

According to the researchers, the complexity of the Qualcomm implementation causes problems: the software is not manageable enough for vulnerabilities to be detected easily. In addition, GPU exploitation is difficult to track because malware scanners and other defensive techniques, like security researchers, have focused primarily on CPUs.
