⚠ Actively exploited

Added to CISA KEV on 2023-03-30. Federal agencies required to patch by 2023-04-20. Required action: Apply updates per vendor instructions..

CVE-2022-38181 — Use After Free in ARM Bifrost GPU Kernel Driver

CWE-416 — Use After Free6 documents6 sources

Severity

8.8HIGHNVD

EPSS

24.5%

top 3.86%

CISA KEV

KEV

Added 2023-03-30

Due 2023-04-20

Exploit

Exploited in wild

Active exploitation observed

Affected products

ARM Bifrost GPU Kernel Driver ARM Midgard GPU Kernel Driver ARM Valhall GPU Kernel Driver +1 more

Timeline

PublishedOct 25

KEV addedMar 30

Latest updateApr 1

KEV dueApr 20

CISA Required Action: Apply updates per vendor instructions.

Description

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDarm/bifrost_gpu_kernel_driverr0p0 — r38p1+1

▶NVDarm/midgard_gpu_kernel_driverr4p0 — r31p0

▶NVDarm/valhall_gpu_kernel_driverr19p0 — r38p1+1

▶googlegoogle/android

🔴Vulnerability Details

OSV

CVE-2022-38181: In kbase_mem_flags_change of mali_kbase_mem_linux↗2023-04-01

▶

GHSA

GHSA-h73c-qgg5-q5rp: An Arm product family through 2022-08-12 mail GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access↗2022-10-26

▶

VulnCheck

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability↗2022

▶

📋Vendor Advisories

Android

CVE-2022-38181: Mali↗2023-04-01

▶

CISA

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability↗2023-03-30

▶