CVE-2022-46395

HIGH

Arm Mali GPU Kernel Driver - Memory Corruption

Exploitation Summary

EIP tracks 4 public exploits for CVE-2022-46395. PoCs published by SmileTabLabo, Gao-Zuin, Pro-me3us.

AI-analyzed exploit summary: This is a working exploit for CVE-2022-46395, a vulnerability in the Arm Mali kernel driver. The exploit achieves arbitrary kernel code execution from an untrusted app domain, disables SELinux, and gains root privileges on affected devices.

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

Exploits (4)

nomisec WORKING POC 1 stars
by SmileTabLabo · poc
https://github.com/SmileTabLabo/CVE-2022-46395

This is a working exploit for CVE-2022-46395, a vulnerability in the Arm Mali kernel driver. The exploit achieves arbitrary kernel code execution from an untrusted app domain, disables SELinux, and gains root privileges on affected devices.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Arm Mali kernel driver (specific versions on Google Pixel 6)
No auth needed
Prerequisites: Google Pixel 6 with November 2022 or January 2023 patch level · Untrusted app domain access
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by Gao-Zuin · poc
https://github.com/Gao-Zuin/cve-2022-46395-qemu

This repository contains a functional exploit for CVE-2022-46395, targeting a vulnerability in QEMU's Mali GPU driver. The exploit leverages memory corruption to achieve privilege escalation by overwriting kernel memory, specifically targeting the `commit_creds` and `init_cred` functions to gain root access.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: QEMU with Mali GPU driver (Google Pixel integration)
No auth needed
Prerequisites: Access to a vulnerable QEMU instance with Mali GPU support · Kernel memory layout knowledge (e.g., KERNEL_BASE)
devstral-2 · analyzed Jun 05, 2026

nomisec WORKING POC
by Pro-me3us · poc
https://github.com/Pro-me3us/CVE_2022_46395_Raven

This is a functional exploit for CVE-2022-46395, targeting the ARM Mali GPU kernel driver on Amazon FireTV 2nd gen Cube devices. It leverages a memory corruption vulnerability to achieve arbitrary kernel code execution, disable SELinux, and escalate privileges to root.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: ARM Mali GPU kernel driver on Amazon FireOS (PS7633/3445 to PS7652/3564)
No auth needed
Prerequisites: Physical or shell access to an affected Amazon FireTV 2nd gen Cube device · Device running a vulnerable FireOS version (PS7633/3445 to PS7652/3564)
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by Pro-me3us · poc
https://github.com/Pro-me3us/CVE_2022_46395_Gazelle

This is a working exploit PoC for CVE-2022-46395, targeting the ARM Mali kernel driver on Amazon FireTV 3rd gen Cube. It leverages a vulnerability to achieve arbitrary kernel code execution, disable SELinux, and gain root privileges.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: ARM Mali kernel driver on Amazon FireTV 3rd gen Cube (FireOS)
No auth needed
Prerequisites: Access to the target device · Compilation with specific NDK tools
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0268
EPSS Percentile 83.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-416
Status published
Products (4)
arm/avalon_gpu_kernel_driver r41p0
arm/bifrost_gpu_kernel_driver r0p0 - r41p0
arm/midgard_gpu_kernel_driver r0p0 - r32p0
arm/valhall_gpu_kernel_driver r19p0 - r41p0
Published Mar 06, 2023
Tracked Since Feb 18, 2026