TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2022-38181

HIGHCISA KEV
8.8

Beschreibung

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

CVE Details

CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht10/25/2022
Zuletzt geandert11/3/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerArm
ProduktMali Graphics Processing Unit (GPU)
SchwachstellennameArm Mali GPU Kernel Driver Use-After-Free Vulnerability
KEV Aufnahmedatum2023-03-30
Behebungsfrist2023-04-20
Ransomware-NutzungUnknown

Betroffene Produkte

arm:bifrost_gpu_kernel_driverarm:midgard_gpu_kernel_driverarm:valhall_gpu_kernel_driver

Schwachen (CWE)

CWE-416CWE-416

Referenzen

http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(cve@mitre.org)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(cve@mitre.org)
https://developer.arm.com/support/arm-security-updates(cve@mitre.org)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(cve@mitre.org)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(cve@mitre.org)
http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/support/arm-security-updates(af854a3a-2127-422b-91ae-364da2661108)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(af854a3a-2127-422b-91ae-364da2661108)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-38181(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.