CVE-2022-46891: High-Severity Vulnerability in Arm Mali GPU Kernel Driver


Arm last month announced the release of patches for a high-severity vulnerability in the Arm Mali GPU kernel driver, which has been used in billions of devices.

Tracked as CVE-2022-46891, the security defect affects GPU memory processing operations and could be exploited to bypass security restrictions. The flaw is caused by a use-after-free error: by performing improper GPU processing operations, an attacker could gain access to already freed memory.


The affected drivers are:

  • Midgard GPU Kernel Driver: all versions from r13p0 to r32p0
  • Bifrost GPU Kernel Driver: all versions from r1p0 to r40p0
  • Valhall GPU Kernel Driver: all versions from r19p0 to r40p0

“A non-privileged user can make improper GPU processing operations to gain access to already freed memory,” Arm notes in its advisory.

An anonymous researcher discovered and reported the bug, which Arm addressed in December 2022.

Arm announced patches in Bifrost and Valhall GPU Kernel Driver r41p0. Users affected by this issue are advised to upgrade. For Midgard GPUs, please contact Arm support.
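To triage a device inventory against the affected ranges and the r41p0 fix stated above, a check along these lines can be used. It is an added example, not code from Arm or from the original article; the inventory rows, the function names and the tolerated build suffix on version strings are assumptions made for illustration.

```python
import re

# (first affected, last affected, fixed release) as stated in the article.
# None means the article names no fixed release (Midgard: contact Arm support).
ADVISORY = {
    "midgard": ((13, 0), (32, 0), None),
    "bifrost": ((1, 0), (40, 0), (41, 0)),
    "valhall": ((19, 0), (40, 0), (41, 0)),
}

# Assumption: versions look like "r40p0", optionally followed by a build suffix.
_VERSION = re.compile(r"^r(\d+)p(\d+)(?:[-_].*)?$")


def parse_version(text):
    """Return (release, patch) from an rXpY string, or None if malformed."""
    m = _VERSION.match(text.strip().lower())
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(family, version):
    """Classify one driver against the ranges listed for CVE-2022-46891."""
    entry = ADVISORY.get(family.strip().lower())
    parsed = parse_version(version)
    if entry is None or parsed is None:
        return "unknown"      # unrecognised family or version: check by hand
    first, last, fixed = entry
    if first <= parsed <= last:
        return "affected"
    if fixed is not None and parsed >= fixed:
        return "patched"
    if fixed is not None and parsed > last:
        return "verify"       # between last listed and fixed release: not stated
    return "not-listed"       # outside every range the article gives


# Constructed inventory rows (device, family, driver version); not real data.
INVENTORY = [
    ("phone-a", "Bifrost", "r40p0"),
    ("phone-b", "Valhall", "r41p0"),
    ("tablet-c", "Midgard", "r32p0-01rel0"),
    ("kiosk-d", "Bifrost", "r40p1"),
]

if __name__ == "__main__":
    for device, family, version in INVENTORY:
        print(device, family, version, triage(family, version))
```

A "verify" result marks a version that falls after the last listed affected release but before r41p0, which the ranges above do not cover.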

The existence of a vulnerability in the Arm Mali GPU Kernel Driver once again puts millions of devices at heightened risk of exploitation by threat actors.