TROYANOSYVIRUS
Voltar para CVEs

CVE-2022-38181

HIGHCISA KEV
8.8

Descricao

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

Detalhes CVE

Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado10/25/2022
Ultima modificacao11/3/2025
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorArm
ProdutoMali Graphics Processing Unit (GPU)
Nome da vulnerabilidadeArm Mali GPU Kernel Driver Use-After-Free Vulnerability
Data inclusao KEV2023-03-30
Prazo de remediacao2023-04-20
Uso em ransomwareUnknown

Produtos afetados

arm:bifrost_gpu_kernel_driverarm:midgard_gpu_kernel_driverarm:valhall_gpu_kernel_driver

Fraquezas (CWE)

CWE-416CWE-416

Referencias

http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(cve@mitre.org)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(cve@mitre.org)
https://developer.arm.com/support/arm-security-updates(cve@mitre.org)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(cve@mitre.org)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(cve@mitre.org)
http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/support/arm-security-updates(af854a3a-2127-422b-91ae-364da2661108)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/(af854a3a-2127-422b-91ae-364da2661108)
https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-38181(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.