CVE-2022-36449 — MEDIUM (6.5)

Q: How severe is CVE-2022-36449?

CVE-2022-36449 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-36449?

Check the references section above for vendor advisories and patch information. Affected products include: Arm Bifrost Gpu Kernel Driver, Arm Midgard Gpu Kernel Driver, Arm Valhall Gpu Kernel Driver.

Vulnerability Description

An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Arm	Bifrost Gpu Kernel Driver	>= r0p0, <= r38p0
Arm	Midgard Gpu Kernel Driver	>= r4p0, <= r32p0
Arm	Valhall Gpu Kernel Driver	>= r19p0, <= r38p0

Related Weaknesses (CWE)

CWE-416

References

http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-FThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.hThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.htmlThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-CheThird Party AdvisoryVDB Entry
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20VulnerabVendor Advisory
http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-FThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.hThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.htmlThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-CheThird Party AdvisoryVDB Entry
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20VulnerabVendor Advisory

FAQ

What is CVE-2022-36449?

CVE-2022-36449 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of b...

How severe is CVE-2022-36449?

CVE-2022-36449 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36449?

Check the references section above for vendor advisories and patch information. Affected products include: Arm Bifrost Gpu Kernel Driver, Arm Midgard Gpu Kernel Driver, Arm Valhall Gpu Kernel Driver.