Lucene search

[email protected]CVE-2022-46891

HistoryJan 17, 2023 - 8:15 a.m.

CVE-2022-46891

2023-01-1708:15:10

CWE-416

[email protected]

web.nvd.nist.gov

cve-2022-46891

arm mali

gpu kernel driver

use-after-free

vulnerability

nvd

midgard

bifrost

valhall

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.2%

JSON

An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0.

Affected configurations

NVD

Node

armbifrost_gpu_kernel_driverRanger1p0–r40p0

armmidgard_gpu_kernel_driverRanger13p0–r32p0

armvalhall_gpu_kernel_driverRanger19p0–r40p0

CPENameOperatorVersion
arm:bifrost_gpu_kernel_driverarm bifrost gpu kernel driverler40p0
arm:midgard_gpu_kernel_driverarm midgard gpu kernel driverler32p0
arm:valhall_gpu_kernel_driverarm valhall gpu kernel driverler40p0

CPE	Name	Operator	Version
arm:bifrost_gpu_kernel_driver	arm bifrost gpu kernel driver	le	r40p0
arm:midgard_gpu_kernel_driver	arm midgard gpu kernel driver	le	r32p0
arm:valhall_gpu_kernel_driver	arm valhall gpu kernel driver	le	r40p0

References

developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.2%

JSON

Related for CVE-2022-46891

prion1 nvd1 cvelist1 nessus1