CVE-2022-38181
In short
The Arm Mali GPU driver has a flaw that lets unprivileged users access memory that has already been freed, potentially causing crashes or system compromise. This happens because the driver doesn't properly manage GPU memory operations.
Technical detail
Use-after-free vulnerability in Arm Mali GPU kernel driver affecting Bifrost, Valhall, and Midgard architectures. Unprivileged local users can trigger freed memory access through GPU operations without proper state validation, leading to information disclosure or denial of service.
Summary generated and translated by AI from the official description.
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 4
github: github.com/Pro-me3us/CVE_2022_38181_Raven ★ 7
github: github.com/Pro-me3us/CVE_2022_38181_Gazelle ★ 3
github: github.com/R0rt1z2/CVE-2022-38181 ★ 3
cve_reference: packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
https://developer.arm.com/support/arm-security-updates
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-38181