CVE-2022-36449 — Use After Free in ARM Bifrost GPU Kernel Driver

CWE-416 — Use After Free4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 25.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM Bifrost GPU Kernel Driver ARM Midgard GPU Kernel Driver ARM Valhall GPU Kernel Driver +1 more

Timeline

PublishedSep 1

Latest updateApr 1

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages4 packages

▶NVDarm/bifrost_gpu_kernel_driverr0p0 — r38p0+1

▶NVDarm/midgard_gpu_kernel_driverr4p0 — r32p0

▶NVDarm/valhall_gpu_kernel_driverr19p0 — r38p0+1

▶googlegoogle/android

🔴Vulnerability Details

Project0

Mind the Gap - Project Zero↗2022-11-01

▶

GHSA

GHSA-ff7h-mhv4-853x: An issue was discovered in the Arm Mali GPU Kernel Driver↗2022-09-02

▶

📋Vendor Advisories

Android

CVE-2022-36449: Mali↗2023-04-01

▶