skip to content
Back to
Home Bounties Research Advisories CodeQL Wall of Fame Get Involved Events
February 17, 2023

GHSL-2022-092: Physical memory access by untrusted app in Qualcomm Adreno GPU - CVE-2022-25664

Man Yue Mo

Coordinated Disclosure Timeline


A vulnerability in the Adreno GPU allows physical memory to be read by an untrusted app.


Adreno GPU

Tested Version

Tested on Qualcomm phones, Pixel 4 up to September 2022 Patch.


Memory coherent issue leads to GPU command leaking page memory (GHSL-2022-092)

Due to coherency between GPU and CPU memory, It is possible to retrieve contents of unmapped pages via the use of GPU commands. When a mmapped region is mapped to the Adreno GPU, the GPU still holds the stale content in the backing pages because the pages were initialized to zero in the CPU cache only, and the initialization is not synced with the physical memory until a cache flush happens. This allows the GPU to read the stale contents of these pages and results in an information leak as these stale contents may not belong to the process that just mmapped the page (the page can come from anywhere, another process or kernel).


This issue may lead to information leak.



This issue was discovered and reported by GHSL team member @m-y-mo (Man Yue Mo).


You can contact the GHSL team at, please include a reference to GHSL-2022-092 in any communication regarding this issue.