CVE-2022-22706

CVSS 7.8 HIGHEPSS 1.2%● KEVCWE-119

In short

A flaw in Arm Mali GPU drivers lets regular users write to memory areas that should be read-only, potentially allowing them to corrupt data or take control of the system. This affects multiple versions of Mali GPU drivers used in many Android devices and other systems.

Technical detail

The Arm Mali GPU Kernel Driver contains a memory protection bypass (CWE-119: Buffer Over-read) that allows unprivileged local users to gain write access to read-only memory pages through improper access control on GPU memory mappings. Exploitation requires local code execution capability; successful exploitation can lead to arbitrary code execution, privilege escalation, or denial of service across affected Midgard (r26p0-r31p0), Bifrost (r0p0-r35p0), and Valhall (r19p0-r35p0) GPU driver versions.

Summary generated and translated by AI from the official description.

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://developer.arm.com/support/arm-security-updates https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22706