Qualcomm's Adreno GPU vulnerability found: Snapdragon chips join problematic Intel, AMD CPUs

It started with Intel... then AMD... and now Qualcomm has been hit with multiple vulnerabilities inside of its Adreno GPU.

2

Google researchers have found vulnerabilities inside Qualcomm's Adreno GPU, which is the integrated GPU inside of its Snapdragon processors. The GPU has kernel privileges, which means the security flaws found could be significant, as it would allow hackers full control over your Qualcomm-powered device.

The researchers focused on GPU drivers because untrusted apps can access them without additional permissions, making them an easy target for hackers. The drivers complexity with the operating system makes things worse for users, but great (and easier) for hackers.

Xuan Xing, manager of Google's Android Red Team, explained: "We are a small team compared to the big Android ecosystem -- the scope is too big for us to cover everything, so we have to figure out what will have the most impact. So why did we focus on a GPU driver for this case? It's because there's no permission required for untrusted apps to access GPU drivers. This is very important, and I think will attract lots of attackers' attention".

Eugene Rodionov, technical leader of the Android Red Team, added: "There are a lot of moving parts and no access restrictions, so GPU drivers are readily accessible to pretty much every application. What really makes things problematic here is complexity of the implementation-that is one item which accounts for a number of vulnerabilities".