CVE-2022-28348Use After Free in ARM Bifrost GPU Kernel Driver

CWE-416Use After Free3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 29.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
ARM Bifrost GPU Kernel DriverARM Midgard GPU Kernel DriverARM Valhall GPU Kernel Driver+1 more
Timeline
PublishedMay 19
Latest updateOct 1

Description

Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

NVDarm/bifrost_gpu_kernel_driverr0p0r36p0
NVDarm/midgard_gpu_kernel_driverr4p0r31p0
NVDarm/valhall_gpu_kernel_driverr19p0r36p0

🔴Vulnerability Details

1
GHSA
GHSA-r85c-7543-8wq6: Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows2022-05-20

📋Vendor Advisories

1
Android
CVE-2022-28348: Mali2023-10-01