Lucene search

[email protected]CVE-2022-34830

HistoryNov 23, 2022 - 3:15 a.m.

CVE-2022-34830

2022-11-2303:15:10

CWE-367

[email protected]

web.nvd.nist.gov

arm

product family

toctou

race condition

gpu

unauthorized access

cve-2022-34830

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.8%

JSON

An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.

Affected configurations

NVD

Node

armutgard_gpu_kernel_driverMatchr11p0

armutgard_gpu_kernel_driverMatchr12p0

CPENameOperatorVersion
arm:utgard_gpu_kernel_driverarm utgard gpu kernel drivereqr11p0
arm:utgard_gpu_kernel_driverarm utgard gpu kernel drivereqr12p0

CPE	Name	Operator	Version
arm:utgard_gpu_kernel_driver	arm utgard gpu kernel driver	eq	r11p0
arm:utgard_gpu_kernel_driver	arm utgard gpu kernel driver	eq	r12p0

References

developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

developer.arm.com/support/arm-security-updates

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

42.8%

JSON

Related for CVE-2022-34830

cvelist1 cnvd1 prion1 nvd1