CVE-2022-42716 — Use After Free in ARM Valhall GPU Kernel Driver

CWE-416 — Use After Free3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 42.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM Valhall GPU Kernel Driver Google Android

Timeline

PublishedDec 12

Latest updateApr 1

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDarm/valhall_gpu_kernel_driverr29p0 — r40p0

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-rvcg-rwxf-qh25: An issue was discovered in the Arm Mali GPU Kernel Driver↗2022-12-12

▶

📋Vendor Advisories

Android

CVE-2022-42716: Mali↗2023-04-01

▶