CVE-2022-36449
published 2022-09-01CVE-2022-36449: An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed…
PriorityP334medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
EPSS
0.88%
54.4th percentile
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | — | — |
| arm | bifrost_gpu_kernel_driver | r0p0 – r38p0 | — |
| arm | midgard_gpu_kernel_driver | r4p0 – r32p0 | — |
| arm | valhall_gpu_kernel_driver | — | — |
| arm | valhall_gpu_kernel_driver | r19p0 – r38p0 | — |
| android | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Project0
Mind the Gap - Project Zero
project_zero·2022-11-01·CVSS 7.8
CVE-2021-39793 [HIGH] Mind the Gap - Project Zero
By Ian Beer, Project Zero
Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.
## Introduction
In June 2022, Project Zero researcher Maddie Stone gave a talk at FirstCon22 titled 0-day In-the-Wild Exploitation in 2022…so far. A key takeaway was that approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities. This finding is consistent with our understanding of attacker behavior: attackers will take the path of least resistance, and as long as vendors don't consistently
GHSA
GHSA-ff7h-mhv4-853x: An issue was discovered in the Arm Mali GPU Kernel Driver
ghsa_unreviewed·2022-09-02
CVE-2022-36449 [MEDIUM] CWE-416 GHSA-ff7h-mhv4-853x: An issue was discovered in the Arm Mali GPU Kernel Driver
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
Android
CVE-2022-36449: Mali
vendor_android·2023-04-01·CVSS 6.5
CVE-2022-36449 [MEDIUM] CVE-2022-36449: Mali
Android Security Bulletin 2023-04-01
CVE: CVE-2022-36449
Severity: HIGH
Component: Mali
References: A-259983537*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.htmlhttp://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.htmlhttp://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.htmlhttp://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttp://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.htmlhttp://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.htmlhttp://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.htmlhttp://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
2022-09-01
Published