CVE-2022-46395

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-46395
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/172855/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities Vendor Advisory
https://developer.arm.com/support/arm-security-updates Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:arm:avalon_gpu_kernel_driver:r41p0:*:*:*:*:*:*:*
cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*
History

13 Dec 2023, 13:51

Type Values Removed Values Added
First Time Arm midgard Gpu Kernel Driver
CPE cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:* cpe:2.3:a:arm:midgard_gpu_kernel_driver:*:*:*:*:*:*:*:*

12 Jun 2023, 07:16

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/172855/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html -

13 Mar 2023, 17:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
References (CONFIRM) https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities - (CONFIRM) https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities - Vendor Advisory
References (MISC) https://developer.arm.com/support/arm-security-updates - (MISC) https://developer.arm.com/support/arm-security-updates - Vendor Advisory
CPE cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:midguard_gpu_kernel_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:avalon_gpu_kernel_driver:r41p0:*:*:*:*:*:*:*
CWE CWE-416
First Time Arm midguard Gpu Kernel Driver
Arm avalon Gpu Kernel Driver
Arm bifrost Gpu Kernel Driver
Arm
Arm valhall Gpu Kernel Driver

06 Mar 2023, 14:23

Type Values Removed Values Added
New CVE
Information

Published : 2023-03-06 14:15

Updated : 2023-12-13 13:51

NVD link : CVE-2022-46395

Mitre link : CVE-2022-46395

CVE.ORG link : CVE-2022-46395

JSON object : View

Products Affected

arm

  • bifrost_gpu_kernel_driver
  • valhall_gpu_kernel_driver
  • midgard_gpu_kernel_driver
  • avalon_gpu_kernel_driver
CWE
CWE-416

Use After Free