After discovering the exploit 6 months ago, the Google Pixel team has finally fixed the Mali GPU Kernel Driver issue that was found by the Project Zero team at Google.
The vulnerability, known as CVE-2022-36449, was found between June and July 2022 and was fixed by ARM in July and August 2022. However, many OEMs, including Pixel, Samsung, Xiaomi, and Oppo, have yet to address the issue.
Affected Pixel 6 and 7 series devices have been patched with an updated GPU driver in the Android 13 QPR2 Beta 1 with stable builds rolling out in March of 2023. Google told Engadget that “The fix provided by ARM is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks…Android OEM partners will be required to take the patch to comply with future SPL requirements.”
This could mean, that Google could require OEMs (including themselves) to include this fix starting from the January 2023 security patch.