Google & Arm - Raising The Bar on GPU Security

The Android Red Team and Arm collaborated to audit and harden the Arm Mali GPU stack, discovering and responsibly disclosing multiple memory-safety vulnerabilities—two Pixel-specific kernel integer overflow issues (CVE-2023-48409, CVE-2023-48421) and a complex GPU firmware buffer overflow (CVE-2024-0153)—that could enable firmware code execution and kernel privilege escalation; fixes and updated Security Test Suite checks were released to mitigate risk.