Driving forward in Android drivers

Project Zero presents a technical analysis of multiple security flaws in Android third-party kernel drivers—chiefly MediaTek's JPEG decoding accelerator and the GED GPU extension—detailing two tracked CVEs (an OOB read/write and a race-induced use‑after‑free), an exploit chain that reclaims dmabuf objects via GED heap primitives to obtain arbitrary read/write, and a proof-of-concept that achieves root on tested MediaTek devices; the report also highlights inconsistent patch propagation to OEMs and recommends faster driver updates and mitigation strategies.