CVE-2022-33917
published 2022-08-02CVE-2022-33917: An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to…
PriorityP425medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.40%
31.5th percentile
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | valhall_gpu_kernel_driver | r29p0 – r38p0 | — |
| android | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2022-33917: Mali
vendor_android·2023-04-01·CVSS 5.5
CVE-2022-33917 [MEDIUM] CVE-2022-33917: Mali
Android Security Bulletin 2023-04-01
CVE: CVE-2022-33917
Severity: HIGH
Component: Mali
References: A-259984559*
Project0
Mind the Gap - Project Zero
project_zero·2022-11-01·CVSS 7.8
CVE-2021-39793 [HIGH] Mind the Gap - Project Zero
By Ian Beer, Project Zero
Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.
## Introduction
In June 2022, Project Zero researcher Maddie Stone gave a talk at FirstCon22 titled 0-day In-the-Wild Exploitation in 2022…so far. A key takeaway was that approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities. This finding is consistent with our understanding of attacker behavior: attackers will take the path of least resistance, and as long as vendors don't consistently
GHSA
GHSA-wpp7-hmg7-5vm6: An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0)
ghsa_unreviewed·2022-08-03
CVE-2022-33917 [MEDIUM] GHSA-wpp7-hmg7-5vm6: An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0)
An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttp://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
2022-08-02
Published