CVE-2022-22706
published 2022-03-03


Priority: P180 high
CVSS 3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
KEV: CISA Known Exploited Vulnerability, due 2023-04-20
ITW: Exploited in the wild
EPSS: 1.22% (64.8th percentile)

Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.

Affected

4 ranges
Vendor  Product                    Version range     Fixed in
arm     bifrost_gpu_kernel_driver  >= r0p0 < r36p0   r36p0
arm     midgard_gpu_kernel_driver  >= r26p0 < r32p0  r32p0
arm     valhall_gpu_kernel_driver  >= r19p0 < r36p0  r36p0
google  android

Detection & IOCs (extracted from sources)

  • Vulnerability affects Arm Mali GPU Kernel Driver (Midgard r26p0–r31p0, Bifrost r0p0–r35p0, Valhall r19p0–r35p0); monitor for non-privileged processes gaining write access to read-only memory pages via the Mali GPU driver
  • CVE-2022-22706 is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active in-the-wild exploitation; prioritize detection on Android devices running affected Mali GPU driver versions
  • Android Security Bulletin (2023-06-01) tracks this as a HIGH severity issue in the Mali component; use Android reference A-225040268 to cross-reference patch status on managed Android devices
  • Affected driver version ranges are broad; confirm exact installed Mali GPU driver version (Midgard r26p0–r31p0, Bifrost r0p0–r35p0, Valhall r19p0–r35p0) before applying detections to avoid false positives on patched versions
  • The vulnerability mechanism is described as 'unspecified' in public advisories; no technical write-up or PoC details are available from these sources, limiting precision of behavioral detections

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     7.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd        v2.0     4.6    MEDIUM    AV:L/AC:L/Au:N/C:P/I:P/A:P
vulncheck           7.8    HIGH
cisa                7.8    HIGH