Description
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_misc
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html
Scores
CVSS v3
6.5
EPSS
0.0086
EPSS Percentile
75.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-416
Status
published
Products (5)
arm/bifrost_gpu_kernel_driver
r39p0
arm/bifrost_gpu_kernel_driver
r0p0 - r38p0
arm/midgard_gpu_kernel_driver
r4p0 - r32p0
arm/valhall_gpu_kernel_driver
r39p0
arm/valhall_gpu_kernel_driver
r19p0 - r38p0
Published
Sep 01, 2022
Tracked Since
Feb 18, 2026