CVE-2022-36449: Use After Free
First published: Thu Sep 01 2022(Updated: )
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Arm Bifrost | >=r0p0<=r38p0 | |
| Arm Bifrost | =r39p0 | |
| Arm Midgard | >=r4p0<=r32p0 | |
| Arm Valhall | >=r19p0<=r38p0 | |
| Arm Valhall | =r39p0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/docs/security/bulletin/2023-04-01/#asterisk
- https://source.android.com/docs/security/bulletin/2023-04-01 (Advisory)
- http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html
- http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html
- http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html
- http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Frequently Asked Questions
What is CVE-2022-36449?
CVE-2022-36449 is a vulnerability discovered in the Arm Mali GPU Kernel Driver that allows a non-privileged user to gain access to already freed memory, write outside of buffer bounds, or disclose memory mappings.
How does CVE-2022-36449 affect Arm Mali GPU systems?
CVE-2022-36449 affects Arm Mali GPU systems from Midgard r4p0 through r32p0, as well as Bifrost r0p0 through r38p0 and Valhall r19p0 through r38p0.
What is the severity of CVE-2022-36449?
The severity of CVE-2022-36449 is high, with a CVSS score of 6.5.
How can a non-privileged user exploit CVE-2022-36449?
A non-privileged user can exploit CVE-2022-36449 by performing improper GPU processing operations.
Are there any known fixes for CVE-2022-36449?
At the moment, there are no known fixes for CVE-2022-36449. It is recommended to follow the vendor's security advisories for updates.
- agent/type
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm bifrost
- version/arm bifrost/r0p0
- version/arm bifrost/r38p0
- version/arm bifrost/r39p0
- canonical/arm midgard
- version/arm midgard/r4p0
- version/arm midgard/r32p0
- canonical/arm valhall
- version/arm valhall/r19p0
- version/arm valhall/r38p0
- version/arm valhall/r39p0
- vendor/google
- canonical/google android