cbcvebase.
CVE-2022-38181
published 2022-10-25

CVE-2022-38181: The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through…

PriorityP185high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-04-20
Exploited in the wild
EPSS
12.59%
95.7th percentile
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

Affected

6 ranges
VendorProductVersion rangeFixed in
armbifrost_gpu_kernel_driver
armbifrost_gpu_kernel_driverr0p0 – r38p1
armmidgard_gpu_kernel_driverr4p0 – r31p0
armvalhall_gpu_kernel_driver
armvalhall_gpu_kernel_driverr19p0 – r38p1
googleandroid

Detection & IOCsextracted from sources · hover to see the quote

  • Target component is the Arm Mali GPU kernel driver; monitor for unprivileged processes interacting with Mali GPU kernel driver interfaces (e.g., /dev/mali*) in ways that could trigger use-after-free conditions on freed GPU memory.
  • Exploitation may result in local privilege escalation to root or memory disclosure; alert on unexpected privilege escalation from non-privileged processes on Android/Linux systems with Mali GPU drivers.
  • Android Security Bulletin tracking reference A-259695958 can be used to cross-reference patched builds; flag devices running unpatched Android builds that include Mali Bifrost r0p0–r38p1/r39p0, Valhall r19p0–r38p1/r39p0, or Midgard r4p0–r32p0 driver versions.
  • ·Vulnerability spans a wide range of Mali GPU driver generations and versions; confirm exact driver version on target device before assessing exposure. Affected ranges: Bifrost r0p0–r38p1 and r39p0; Valhall r19p0–r38p1 and r39p0; Midgard r4p0–r32p0.
  • ·This CVE is listed in CISA KEV with a remediation due date of 2023-04-20, indicating confirmed in-the-wild exploitation; treat as high-priority patching target.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.