The Google Project Zero team recently disclosed a "high-risk" security vulnerability in Qualcomm's Adreno GPU, which Qualcomm has since patched. The vulnerability concerns how GPU shared mappings are handled; the detailed code-level description can be found in the write-up Google has published.

According to the blog post, the Adreno GPU driver attaches a private device structure to each kernel graphics support layer (kgsl) descriptor. This structure contains the page tables needed for context switching. It is associated with a process ID (PID), but can be reused by other kgsl descriptors in the same process, which can improve performance.

When the calling process forks a child process, the child also inherits the private structure originally created for the parent's kgsl descriptor instead of receiving a new one. In effect, this gives the child process (possibly an attacker) read access to any GPU mappings the parent process subsequently creates, without the parent being aware of it.

As this shows, the attack is fairly complex. The Google Project Zero team said that in practice, successfully exploiting the vulnerability would require an attacker to wrap the PID counter around and then trigger a well-timed crash or a system service restart. The vulnerability could be used to read the contents rendered by the victim's GPU or the results of other GPU operations.

The vulnerability was reported to Qualcomm on September 15, together with suggestions for fixing it. Ahead of the standard 90-day deadline (December 14), Qualcomm completed the fix on December 7 and shared the information privately with OEMs. Qualcomm said it would disclose details of the vulnerability in January 2021.

By ibmwl