Post Syndicated from original https://lwn.net/Articles/891959/

The Google Project Zero blog is carrying a
report on zero-day vulnerabilities found to be exploited during 2021.

5 of the 7 [Android] 0-days from 2021 targeted GPU drivers. This is
actually
not that surprising when we consider the evolution of the Android
ecosystem as well as recent public security research into
Android. The Android ecosystem is quite fragmented: many different
kernel versions, different manufacturer customizations, etc. If an
attacker wants a capability against “Android devices”, they
generally need to maintain many different exploits to have a decent
percentage of the Android ecosystem covered. However, if the
attacker chooses to target the GPU kernel driver instead of another
component, they will only need to have two exploits since most
Android devices use 1 of 2 GPUs: either the Qualcomm Adreno GPU or
the ARM Mali GPU.