Primary

Context

Android PowerVR GPU Components Integer Overflow Vulnerability Leading to Arbitrary Code Execution

Vulnerability

A vulnerability has been identified in the PowerVR GPU components of certain Android devices, allowing for arbitrary code execution. This issue arises from an integer overflow in the 'DevmemXIntMapPages' function of 'devicemem_server.c', which could facilitate local privilege escalation in the kernel without requiring additional execution privileges. Exploitation of this vulnerability does not involve user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary code execution in the kernel, potentially allowing an attacker to escalate privileges.

Remediation

Users can update their devices to the October 2024 security patch level to address this vulnerability. Instructions for checking and updating the Android version are available on the Android Support website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.7

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android PowerVR GPU Components Integer Overflow Vulnerability Leading to Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Android

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating