Vulnerabilities > CVE-2022-42716 - Use After Free vulnerability in ARM Valhall GPU Kernel Driver

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

arm

CWE-416

NVD

Published: 2022-12-12

Updated: 2023-12-14

Summary

An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.

Vulnerable Configurations

Part	Description	Count
Application	Arm ARM Valhall GPU Kernel Driver R29P0 ARM Valhall GPU Kernel Driver R34P0 ARM Valhall GPU Kernel Driver R38P0 ARM Valhall GPU Kernel Driver R38P1 ARM Valhall GPU Kernel Driver R38P2 ARM Valhall GPU Kernel Driver R39P0 ARM Valhall GPU Kernel Driver R40P0	7

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
http://packetstormsecurity.com/files/170420/Arm-Mali-CSF-KBASE_REG_NO_USER_FREE-Unsafe-Use-Use-After-Free.html