What is CVE-2022-28349?

CVE-2022-28349 is a vulnerability in Arm Mali GPU Kernel Driver that allows for use-after-free.

What versions of Arm Bifrost Gpu Kernel Driver are affected by CVE-2022-28349?

Arm Bifrost Gpu Kernel Driver versions r17p0 through r23p0 are affected by CVE-2022-28349.

What versions of Arm Midguard Gpu Kernel Driver are affected by CVE-2022-28349?

Arm Midguard Gpu Kernel Driver versions r28p0 through r29p0 are affected by CVE-2022-28349.

What versions of Arm Valhall Gpu Kernel Driver are affected by CVE-2022-28349?

Arm Valhall Gpu Kernel Driver versions r19p0 through r23p0 are affected by CVE-2022-28349.

What is the severity of CVE-2022-28349?

CVE-2022-28349 has a severity rating of 9.8 (Critical).

Where can I find more information about CVE-2022-28349?

You can find more information about CVE-2022-28349 at the following references: [Arm Security Center](https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities), [Arm Security Updates](https://developer.arm.com/support/arm-security-updates), [Android Security Bulletin](https://source.android.com/docs/security/bulletin/2023-06-01/#asterisk).

How can I fix CVE-2022-28349?

To fix CVE-2022-28349, it is recommended to apply the latest security updates provided by Arm and Android.

Vulnerability/
CVE-2022-28349

critical

CWE

416

19/5/2022

3/8/2024

CVE-2022-28349: Use After Free

First published: Thu May 19 2022(Updated: )

Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Arm Bifrost Gpu Kernel Driver	>=r17p0<=r23p0
Arm Midguard Gpu Kernel Driver	>=r28p0<=r29p0
Arm Valhall Gpu Kernel Driver	>=r19p0<=r23p0
Google Android

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-28349?
CVE-2022-28349 is a vulnerability in Arm Mali GPU Kernel Driver that allows for use-after-free.
What versions of Arm Bifrost Gpu Kernel Driver are affected by CVE-2022-28349?
Arm Bifrost Gpu Kernel Driver versions r17p0 through r23p0 are affected by CVE-2022-28349.
What versions of Arm Midguard Gpu Kernel Driver are affected by CVE-2022-28349?
Arm Midguard Gpu Kernel Driver versions r28p0 through r29p0 are affected by CVE-2022-28349.
What versions of Arm Valhall Gpu Kernel Driver are affected by CVE-2022-28349?
Arm Valhall Gpu Kernel Driver versions r19p0 through r23p0 are affected by CVE-2022-28349.
What is the severity of CVE-2022-28349?
CVE-2022-28349 has a severity rating of 9.8 (Critical).
Where can I find more information about CVE-2022-28349?
You can find more information about CVE-2022-28349 at the following references: [Arm Security Center](https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities), [Arm Security Updates](https://developer.arm.com/support/arm-security-updates), [Android Security Bulletin](https://source.android.com/docs/security/bulletin/2023-06-01/#asterisk).
How can I fix CVE-2022-28349?
To fix CVE-2022-28349, it is recommended to apply the latest security updates provided by Arm and Android.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
collector/android-source
source/Android
agent/software-canonical-lookup
agent/weakness
agent/last-modified-date
agent/author
agent/severity
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/arm
canonical/arm bifrost gpu kernel driver
version/arm bifrost gpu kernel driver/r17p0
version/arm bifrost gpu kernel driver/r23p0
canonical/arm midguard gpu kernel driver
version/arm midguard gpu kernel driver/r28p0
version/arm midguard gpu kernel driver/r29p0
canonical/arm valhall gpu kernel driver
version/arm valhall gpu kernel driver/r19p0
version/arm valhall gpu kernel driver/r23p0
vendor/google
canonical/google android