CVE-2022-38181

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 12, 2022
Published Date: October 25, 2022
Last Updated: February 03, 2025
Vendor: n/a
Product: n/a
Description: The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2023-03-30 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2023-05-12 13:50:54 UTC) Source

References

https://developer.arm.com/support/arm-security-updates https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/ https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/ http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-03-30 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

R0rt1z2/CVE-2022-38181

Type: github • Created: 2023-05-12 13:50:54 UTC • Stars: 2