CVE-2022-46395

HIGH

Arm Mali GPU Kernel Driver - Memory Corruption

Title source: llm

Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

Exploits (3)

nomisec WORKING POC 1 stars

by SmileTabLabo · poc

https://github.com/SmileTabLabo/CVE-2022-46395

View Code ZIP pw:eip

nomisec WORKING POC

by Pro-me3us · poc

https://github.com/Pro-me3us/CVE_2022_46395_Raven

View Code ZIP pw:eip

nomisec WORKING POC

by Pro-me3us · poc

https://github.com/Pro-me3us/CVE_2022_46395_Gazelle

View Code ZIP pw:eip

References (3)

Core 3

Core References

Vendor Advisory

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

Vendor Advisory

https://developer.arm.com/support/arm-security-updates

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/172855/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html

Scores

CVSS v3 8.8

EPSS 0.4785

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (4)

arm/avalon_gpu_kernel_driver r41p0

arm/bifrost_gpu_kernel_driver r0p0 - r41p0

arm/midgard_gpu_kernel_driver r0p0 - r32p0

arm/valhall_gpu_kernel_driver r19p0 - r41p0

Published Mar 06, 2023

Tracked Since Feb 18, 2026