CVE-2022-38181
published 2022-10-25CVE-2022-38181: The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through…
PriorityP185high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-04-20
Exploited in the wild
EPSS
12.59%
95.7th percentile
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | bifrost_gpu_kernel_driver | — | — |
| arm | bifrost_gpu_kernel_driver | r0p0 – r38p1 | — |
| arm | midgard_gpu_kernel_driver | r4p0 – r31p0 | — |
| arm | valhall_gpu_kernel_driver | — | — |
| arm | valhall_gpu_kernel_driver | r19p0 – r38p1 | — |
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target component is the Arm Mali GPU kernel driver; monitor for unprivileged processes interacting with Mali GPU kernel driver interfaces (e.g., /dev/mali*) in ways that could trigger use-after-free conditions on freed GPU memory. ↗
- →Exploitation may result in local privilege escalation to root or memory disclosure; alert on unexpected privilege escalation from non-privileged processes on Android/Linux systems with Mali GPU drivers. ↗
- →Android Security Bulletin tracking reference A-259695958 can be used to cross-reference patched builds; flag devices running unpatched Android builds that include Mali Bifrost r0p0–r38p1/r39p0, Valhall r19p0–r38p1/r39p0, or Midgard r4p0–r32p0 driver versions. ↗
- ·Vulnerability spans a wide range of Mali GPU driver generations and versions; confirm exact driver version on target device before assessing exposure. Affected ranges: Bifrost r0p0–r38p1 and r39p0; Valhall r19p0–r38p1 and r39p0; Midgard r4p0–r32p0. ↗
- ·This CVE is listed in CISA KEV with a remediation due date of 2023-04-20, indicating confirmed in-the-wild exploitation; treat as high-priority patching target. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2022-38181: In kbase_mem_flags_change of mali_kbase_mem_linux
osv·2023-04-01
CVE-2022-38181 CVE-2022-38181: In kbase_mem_flags_change of mali_kbase_mem_linux
In kbase_mem_flags_change of mali_kbase_mem_linux.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
GHSA
GHSA-h73c-qgg5-q5rp: An Arm product family through 2022-08-12 mail GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access
ghsa_unreviewed·2022-10-26
CVE-2022-38181 [HIGH] CWE-416 GHSA-h73c-qgg5-q5rp: An Arm product family through 2022-08-12 mail GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access
An Arm product family through 2022-08-12 mail GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
VulnCheck
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
vulncheck·2022·CVSS 8.8
CVE-2022-38181 [HIGH] CWE-416 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Affected: Arm Mali Graphics Processing Unit (GPU)
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Exploit PoC: https://vulncheck.com/xdb/0ea5523595cc; https://vulncheck.com/xdb/36b7eb9b6e72; https://vulncheck.com/xdb/3d6d1c7d139e
Remediation Due: 2023-04-20
Android
CVE-2022-38181: Mali
vendor_android·2023-04-01·CVSS 8.8
CVE-2022-38181 [HIGH] CVE-2022-38181: Mali
Android Security Bulletin 2023-04-01
CVE: CVE-2022-38181
Severity: HIGH
Component: Mali
References: A-259695958*
CISA
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
cisa·2023-03-30·CVSS 8.8
CVE-2022-38181 [HIGH] CWE-416 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Vulnerability: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Affected: Arm Mali Graphics Processing Unit (GPU)
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Required Action: Apply updates per vendor instructions.
Notes: https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-38181
Remediation Due Date: 2023-04-20
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttps://developer.arm.com/support/arm-security-updateshttps://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.htmlhttps://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilitieshttps://developer.arm.com/support/arm-security-updateshttps://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-38181
2022-10-25
Published
2023-03-30
Added to CISA KEV
Exploited in the wild