Google has updated its May 2021 Android Security Bulletin to include a warning that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild.
“There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation,” the updated advisory reads.
Two of the bugs (CVE-2021-1905 and CVE-2021-1906) affect the Qualcomm graphics component. The first is a use-after-free error in the Graphics component that occurs when handling memory mapping of multiple processes simultaneously; it allows a local user to escalate privileges on the system. The second could be used to trigger a denial of service (DoS) attack.
The other two vulnerabilities are CVE-2021-28663 and CVE-2021-28664. CVE-2021-28663 is a use-after-free issue in the Arm Mali GPU kernel driver which allows a local application to execute arbitrary code on the system with elevated privileges. It affects Bifrost r0p0 through r28p0 before r29p0, Valhall r19p0 through r28p0 before r29p0, and Midgard r4p0 through r30p0.
CVE-2021-28664 is a boundary error within the Arm Mali GPU kernel driver. As in the previous case, the bug allows a local application to execute arbitrary code on the system with elevated privileges.
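For fleet triage, the CVE-2021-28663 version ranges listed above can be checked against a device inventory. The following is an added example, not code from Google, Arm or the advisory; the inventory rows, device names and status labels are constructed, and how the driver version is collected from a device is left as an assumption.

```python
import re

# Ranges for CVE-2021-28663 as listed in the article:
# (first affected, last affected, first fixed or None when the article names none).
AFFECTED = {
    "bifrost": ((0, 0), (28, 0), (29, 0)),
    "valhall": ((19, 0), (28, 0), (29, 0)),
    "midgard": ((4, 0), (30, 0), None),
}
_VERSION = re.compile(r"^r(\d+)p(\d+)$")

def parse_version(text):
    """Turn an Arm release string such as 'r28p0' into a comparable (28, 0)."""
    m = _VERSION.match(text.strip().lower())
    if not m:
        raise ValueError(f"not an rXpY version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def classify(arch, version):
    """Return 'affected', 'fixed' or 'not-listed' for one driver build."""
    entry = AFFECTED.get(arch.strip().lower())
    if entry is None:
        return "not-listed"
    first, last, fixed = entry
    v = parse_version(version)
    if fixed is not None and v >= fixed:
        return "fixed"
    if v < first:
        return "not-listed"
    if fixed is not None:
        # Assumption: anything below the fixed release (e.g. r28p1) counts as affected.
        return "affected"
    return "affected" if v <= last else "not-listed"

# Constructed sample inventory: (device id, Mali architecture, driver version).
INVENTORY = [
    ("dev-01", "Bifrost", "r26p0"), ("dev-02", "Bifrost", "r29p0"),
    ("dev-03", "Valhall", "r18p0"), ("dev-04", "Midgard", "r30p0"),
    ("dev-05", "Midgard", "31.0"),  # malformed on purpose
]

def triage(inventory):
    """Map each device id to its status; unreadable versions are flagged, not dropped."""
    result = {}
    for device, arch, version in inventory:
        try:
            result[device] = classify(arch, version)
        except ValueError:
            result[device] = "unparseable"
    return result

if __name__ == "__main__":
    for device, status in triage(INVENTORY).items():
        print(device, status)
```

Devices reported as "unparseable" or "not-listed" still need a manual check, since the article gives no fixed release for Midgard and says nothing about builds outside the listed ranges.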
The May Android security updates also include a patch for a critical vulnerability in the Video component (CVE-2021-1910). A remote attacker can trick the victim into playing a specially crafted video file, triggering a double free error and executing arbitrary code on the target system.