Vulnerability in N/a
CVE-2022-38181
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 thro…
EPSS: 0.250 (96.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- developer.arm.com/support/arm-security-updates
- developer.arm.com/Arm Security Center/Mali GPU Driver Vulnerabilities
- github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
- securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/
- packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execut…
Frequently asked questions
- What is CVE-2022-38181?
- CVE-2022-38181 is a vulnerability in N/a. Published 2022-10-25.
- Is CVE-2022-38181 known to be exploited?
- Yes. CVE-2022-38181 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-03-30), indicating it is being actively exploited. 13 public proof-of-concept repositories are indexed.