Improper Memory Access Vulnerability in Arm Mali GPU Driver
CVE-2022-46395

8.8HIGH

Key Information:

Vendor: Arm
Status: Avalon Gpu Kernel Driver; Bifrost Gpu Kernel Driver; Midguard Gpu Kernel Driver; Valhall Gpu Kernel Driver
Vendor: CVE Published:; 6 March 2023

Summary

A vulnerability exists in the Arm Mali GPU Kernel Driver that allows a non-privileged user to perform improper GPU processing operations. This can lead to access of already freed memory, potentially enabling arbitrary code execution. The issue affects several versions of the Mali GPU components, including Midgard, Bifrost, Valhall, and Avalon, prior to their specified r42p0 releases. Users and administrators should review the affected versions and apply security updates promptly to mitigate potential impacts.

References

https://developer.arm.com/support/arm-security-updates

https://developer.arm.com/Arm%20Security%20Center/Mali%20...

http://packetstormsecurity.com/files/172855/Android-Arm-M...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2023
Vulnerability Reserved
Dec 4, 2022