Samsung Galaxy S9 is possibly one of the best smartphones available right now. It features a sleek, almost bezel-less design, dual-aperture camera and the latest Snapdragon 845 chipset, or the Exynos 9810 depending on where you live. However, the Galaxy S9 with the Qualcomm chipset is plagued with a major vulnerability that could lead to random reboots triggered remotely.

Discovered by UK-based GraphicsFuzz, a company that specializes in testing smartphone graphics, the Galaxy S9’s Adreno 630 graphics driver has an error which can be used to reboot the phone. The team says the device can be rebooted via a valid WebGL webpage when you are browsing on the preloaded Samsung Internet browser.

GraphicsFuzz mentions that the error is related to the rendering of a complex yet valid shader that can be exploited to freeze and then reboot the device.

Galaxy S9 Root

The said vulnerability was found during the standard testing of GPU stability of the Galaxy S9 and GraphicsFuzz did not design the WebGL page with any malicious intent. Instead, it decided to dig deeper and investigate Qualcomm’s Adreno GPU. The cause of the issue seems to be the GPU driver of the Adreno 630.

In-Depth Explanation

Explaining the same, GraphiczFuzz has stated that when the phone’s GPU renders a complex shader, the GPU sets something called a ‘fence’ to regulate the sharing of memory between the CPU and GPU on a mobile chipset.

The fence is not able to complete the rendering process and times out, causing the Galaxy S9’s Snapdragon model to reboot. GraphicsFuzz tested the same on several different browsers and found that the bug only affected Samsung’s Internet browser.

galaxy s9 adreno gpu test

Other browsers only froze or crashed as they feature mechanisms to end GPU processes after a set period, but Samsung’s browser crashed the phone. GraphicsFuzz also took the time to test the Exynos variant of the Galaxy S9 but the Mali-G72 GPU was successful in rendering the shader. Hence, it is Qualcomm’s Adreno 630 that has an issue and we hope to see a security patch for the same roll out soon enough.