CVE-2022-33917

An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.html	Third Party Advisory VDB Entry
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities	Vendor Advisory
http://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.html	Third Party Advisory VDB Entry
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:08

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.html - Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.html - Third Party Advisory, VDB Entry
References	~~() https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities - Vendor Advisory~~	() https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities - Vendor Advisory

Information

Published : 2022-08-02 23:15

Updated : 2024-11-21 07:08

NVD link : CVE-2022-33917

Mitre link : CVE-2022-33917

CVE.ORG link : CVE-2022-33917

JSON object : View

Products Affected

arm

valhall_gpu_kernel_driver

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-33917", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-08-02T23:15:18.177", "references": [{"url": "http://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/168147/Arm-Mali-CSF-VMA-Split-Mishandling.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory."}, {"lang": "es", "value": "Se ha detectado un problema en el controlador del kernel de la GPU Arm Mali (versiones Valhall r29p0 hasta r38p0). Un usuario no privilegiados puede realizar operaciones incorrectas de procesamiento de la GPU para conseguir acceso a la memoria ya liberada"}], "lastModified": "2024-11-21T07:08:36.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B9B8380-A917-4491-833E-AEC1333F6829", "versionEndIncluding": "r38p0", "versionStartIncluding": "r29p0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}