TROYANOSYVIRUS
Volver a CVEs

CVE-2022-38181

HIGHCISA KEV
8.8

Descripcion

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

Detalles CVE

Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/25/2022
Ultima modificacion11/3/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorArm
ProductoMali Graphics Processing Unit (GPU)
Nombre vulnerabilidadArm Mali GPU Kernel Driver Use-After-Free Vulnerability
Fecha inclusion KEV2023-03-30
Fecha limite remediacion2023-04-20
Uso en ransomwareUnknown

Productos afectados

arm:bifrost_gpu_kernel_driverarm:midgard_gpu_kernel_driverarm:valhall_gpu_kernel_driver

Debilidades (CWE)

CWE-416CWE-416

Referencias

http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(cve@mitre.org)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(cve@mitre.org)
https://developer.arm.com/support/arm-security-updates(cve@mitre.org)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(cve@mitre.org)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(cve@mitre.org)
http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/support/arm-security-updates(af854a3a-2127-422b-91ae-364da2661108)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(af854a3a-2127-422b-91ae-364da2661108)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-38181(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.