CVE-2022-46891: Use After Free
First published: Tue Jan 17 2023(Updated: )
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arm Bifrost Gpu Kernel Driver | >=r1p0<=r40p0 | |
| Arm Midgard Gpu Kernel Driver | >=r13p0<=r32p0 | |
| Arm Valhall Gpu Kernel Driver | >=r19p0<=r40p0 | |
| Google Android | ||
| Arm Bifrost | >=r1p0<=r40p0 | |
| Arm Midgard | >=r13p0<=r32p0 | |
| Arm Valhall | >=r19p0<=r40p0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-46891?
CVE-2022-46891 is a vulnerability in the Arm Mali GPU Kernel Driver that allows a non-privileged user to gain access to already freed memory through improper GPU processing operations.
Which software is affected by CVE-2022-46891?
CVE-2022-46891 affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0.
What is the severity of CVE-2022-46891?
The severity of CVE-2022-46891 is high with a CVSS score of 8.8.
How can I fix CVE-2022-46891?
To fix CVE-2022-46891, it is recommended to update to the latest version of the Arm Mali GPU Kernel Driver and apply any patches or security updates provided by the vendor.
Where can I find more information about CVE-2022-46891?
You can find more information about CVE-2022-46891 in the following references: [Reference 1](https://source.android.com/docs/security/bulletin/2023-05-01/#asterisk), [Reference 2](https://source.android.com/docs/security/bulletin/2023-05-01), [Reference 3](https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities).
- collector/nvd-api
- agent/author
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/arm
- canonical/arm bifrost gpu kernel driver
- version/arm bifrost gpu kernel driver/r1p0
- version/arm bifrost gpu kernel driver/r40p0
- canonical/arm midgard gpu kernel driver
- version/arm midgard gpu kernel driver/r13p0
- version/arm midgard gpu kernel driver/r32p0
- canonical/arm valhall gpu kernel driver
- version/arm valhall gpu kernel driver/r19p0
- version/arm valhall gpu kernel driver/r40p0
- canonical/arm bifrost
- version/arm bifrost/r1p0
- version/arm bifrost/r40p0
- canonical/arm midgard
- version/arm midgard/r13p0
- version/arm midgard/r32p0
- canonical/arm valhall
- version/arm valhall/r19p0
- version/arm valhall/r40p0
- vendor/google
- canonical/google android