CVE-2022-41757 — Write-what-where Condition in ARM Valhall GPU Kernel Driver

CWE-123 — Write-what-where Condition4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 36.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM Valhall GPU Kernel Driver Google Android

Timeline

PublishedNov 8

Latest updateApr 1

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDarm/valhall_gpu_kernel_driverr29p0 — r38p2+1

▶googlegoogle/android

🔴Vulnerability Details

OSV

CVE-2022-41757: In kbase_csf_queue_group_suspend_prepare of mali_kbase_csf_kcpu↗2023-04-01

▶

GHSA

GHSA-pggw-w357-q8q8: An issue was discovered in the Arm Mali GPU Kernel Driver↗2022-11-08

▶

📋Vendor Advisories

Android

CVE-2022-41757: Mali↗2023-04-01

▶