CVE-2022-46394 — Use After Free in ARM Valhall GPU Kernel Driver

CWE-416 — Use After Free4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 47.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ARM Valhall GPU Kernel Driver ARM Avalon GPU Kernel Driver Google Android

Timeline

PublishedMar 8

Latest updateMay 1

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDarm/valhall_gpu_kernel_driverr39p0 — r41p0

▶NVDarm/avalon_gpu_kernel_driverr41p0

▶googlegoogle/android

🔴Vulnerability Details

OSV

CVE-2022-46394: In TBD of TBD, there is a possible local arbitrary code execution due to a use after free↗2023-05-01

▶

GHSA

GHSA-cx94-hhxr-8q29: An issue was discovered in the Arm Mali GPU Kernel Driver↗2023-03-08

▶

📋Vendor Advisories

Android

CVE-2022-46394: Mali↗2023-05-01

▶