Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2022-38181
PUBLISHEDThe Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost...
- Vendor
- Arm
- Product
- Mali GPU kernel driver
- Published
- Oct 25, 2022
- EPSS
- —
Description
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2023-03-30 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
References
- https://developer.arm.com/support/arm-security-updates
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
- https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/
- http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Mar 30, 2023 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/178125 | Jun 02, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-05-12 13:50:54 UTC · 2 stars
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nessus