Hackers exploit several security flaws in top Qualcomm GPUs

Flaws are being used in “limited, targeted” exploitation

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Not long afterARMdisclosed multiple severe security vulnerabilities in some of its GPU products, Qualcomm has now done the same.

In both cases, the company was tipped off to the existence of the flaw byGoogle’s Threat Analysis Group (TAG), and Project Zero group.

Qualcomm’s flaws were found in the Adreno GPU and Compute DSP drivers, and are being tracked as CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, and CVE-2023-33063. As was the case with ARM, these too are being used in “limited, targeted exploitation”, which is the usual modus operandi for state-sponsored threat actors often engaged in espionage and data exfiltration from governmentendpoints, as well as those belonging to critical infrastructure, financial institutions, or think-tanks.

State-sponsored attackers

Qualcomm has addressed the flaws with an update, with relevant OEMs being notified, as well. “Patches for the issues affecting Adreno GPU and Compute DSP drivers have been made available, and OEMs have been notified with a strong recommendation to deploy security updates as soon as possible,” the company said in an advisory. Aside from the fact that they’re being “abused in the wild”, Qualcomm did not share more details about the flaws. It said it will do so when it releases its December 2023 bulletin.

Qualcomm’s latest security advisory also lists a couple of other flaws that were addressed, including CVE-2023-24855, CVE-2023-28540, and CVE-2023-33028, and 13 others.

No workarounds are available at the time, and the only thing users and organizations can do is sit tight and wait for the patch to become available. The good news is that for most of the flaws, there is no evidence of abuse in the wild.

In ARM’s case, the flaws affected multiple consumer devices, includingSamsungGalaxy S20/S20 FE, Xiaomi Redmi K30/K40, Motorola Edge 40, and OnePlus Nord 2. Bifrost, Valhall, and Arm 5th Gen GPUs were affected.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

I’ve been covering Apple Watch deals for years – This is the one model most people should buy on Black Friday