CVE-2022-38181: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
First published: Tue Oct 25 2022(Updated: )
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Bifrost Gpu Kernel Driver | >=r0p0<=r38p1 | |
| Arm Bifrost Gpu Kernel Driver | =r39p0 | |
| Arm Midgard Gpu Kernel Driver | >=r4p0<=r31p0 | |
| Arm Valhall Gpu Kernel Driver | >=r19p0<=r38p1 | |
| Arm Valhall Gpu Kernel Driver | =r39p0 | |
| Arm Midguard Gpu Kernel Driver | >=r4p0<=r31p0 | |
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
- https://developer.arm.com/support/arm-security-updates
- https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
- https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/
- https://source.android.com/docs/security/bulletin/2023-04-01/#asterisk
- https://source.android.com/docs/security/bulletin/2023-04-01 (Advisory)
- https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;
- https://nvd.nist.gov/vuln/detail/CVE-2022-38181
Frequently Asked Questions
What is CVE-2022-38181?
CVE-2022-38181 is a use-after-free vulnerability in the Arm Mali GPU Kernel Driver that allows a non-privileged user to gain root privilege and/or disclose information.
What software is affected by CVE-2022-38181?
The Arm Mali Graphics Processing Unit (GPU) Kernel Driver is affected by CVE-2022-38181.
How can a non-privileged user exploit CVE-2022-38181?
A non-privileged user can exploit CVE-2022-38181 to gain root privilege and/or disclose information.
Is there a fix available for CVE-2022-38181?
Refer to the Arm Security Center for information on available fixes for CVE-2022-38181.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-38181?
The CWE ID for CVE-2022-38181 is CWE-416.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/description
- collector/android-source
- source/Android
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- collector/nvd-cve
- vendor/arm
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r0p0
- version/arm bifrost gpu kernel driver/r38p1
- version/arm bifrost gpu kernel driver/r39p0
- canonical/arm midguard gpu kernel driver
- version/arm midguard gpu kernel driver/r4p0
- version/arm midguard gpu kernel driver/r31p0
- canonical/arm valhall gpu kernel driver
- version/arm valhall gpu kernel driver/r19p0
- version/arm valhall gpu kernel driver/r38p1
- version/arm valhall gpu kernel driver/r39p0
- canonical/arm midgard gpu kernel driver
- version/arm midgard gpu kernel driver/r4p0
- version/arm midgard gpu kernel driver/r31p0
- vendor/google
- canonical/google android
- canonical/arm mali graphics processing unit (gpu)