Home / Threat Intelligence bulletins / Google releases security update which addresses Android vulnerability exploited by spyware

Target Industry  

Indiscriminate, opportunistic targeting. 


Google has released a security update addressing 56 vulnerabilities, the highlight being that of CVE-2022-22706 (CVSSv3 Score: 7.8). The flaw pertains to the Mail GPU kernel driver and reporting has indicated that it has already been exploited by spyware.  


Successful exploitation of CVE-2022-22706 would allow a threat actor to achieve write access to read-only memory pages, thus leading to the potential compromise and integrity of data.  

Affected Products  

– Midgard GPU Kernel Driver: All versions from r26p0 – r31p0 

– Bifrost GPU Kernel Driver: All versions from r0p0 – r35p0 

– Valhall GPU Kernel Driver: All versions from r19p0 – r35p0 

Containment, Mitigations & Remediations  

It is strongly recommended that Android users apply the relevant security updates as soon as possible. The vulnerability reported on was remediated in the Bifrost and Valhall GPU Kernel Driver r36p0 and in Midgard Kernel Driver r32p0 updates. Samsung also addressed the flaw in its May 2023 update.  

 It should be noted that devices operating Android 10 or older are no longer supported and will therefore not receive this security update. In such cases users are strongly advised to either switch to a supported Android model or refer to a third-party Android distribution that provides the relevant updates. 

Indicators of Compromise 

No specific Indicators of Compromise (IoCs) are available currently. 

Threat Landscape 

Android occupies a significant portion of the mobile operating system share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Android devices have emerged a prime target. Due to the fact that the Android devices has become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities contained within these products in an attempt to extract the sensitive data contained therein. 

Threat Group 

No attribution to specific threat actors or groups has been identified at the time of writing.  

Mitre Methodologies  

Defense Evasion Technique: 

T1222 – File and Directory Permissions Modification 

Further Information 

Android Security Bulletin 


Intelligence Terminology Yardstick