TROYANOSYVIRUS
Retour aux CVEs

CVE-2022-38181

HIGHCISA KEV
8.8

Description

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

Details CVE

Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie10/25/2022
Derniere modification11/3/2025
Sourcekev
Observations honeypot0

CISA KEV

FournisseurArm
ProduitMali Graphics Processing Unit (GPU)
Nom vulnerabiliteArm Mali GPU Kernel Driver Use-After-Free Vulnerability
Date ajout KEV2023-03-30
Date limite remediation2023-04-20
Utilise dans ransomwareUnknown

Produits affectes

arm:bifrost_gpu_kernel_driverarm:midgard_gpu_kernel_driverarm:valhall_gpu_kernel_driver

Faiblesses (CWE)

CWE-416CWE-416

References

http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(cve@mitre.org)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(cve@mitre.org)
https://developer.arm.com/support/arm-security-updates(cve@mitre.org)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(cve@mitre.org)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(cve@mitre.org)
http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/support/arm-security-updates(af854a3a-2127-422b-91ae-364da2661108)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(af854a3a-2127-422b-91ae-364da2661108)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-38181(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.