CVE-2022-38181

high

Description

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

References

https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/

https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/

https://developer.arm.com/support/arm-security-updates

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities

http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2022-10-25

Updated: 2025-04-03

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.20551