Cyber Resilience

CVE-2022-38181

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 25 October 2022

Published
25 October 2022
Modified
03 November 2025
KEV Added
30 March 2023
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.2455 96.2th percentile
Risk Priority 52 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-38181 is a high-severity Use After Free (CWE-416) vulnerability in Arm Bifrost Gpu Kernel Driver. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 3.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-16 (Memory Protection).

Deeper analysis

The vulnerability is a use-after-free flaw (CWE-416) in the Arm Mali GPU kernel driver, where GPU memory operations are mishandled and allow unprivileged users to access freed memory. It affects Bifrost GPUs (r0p0–r38p1 and r39p0), Valhall GPUs (r19p0–r38p1 and r39p0), and Midgard GPUs (r4p0–r32p0).

An attacker with low privileges can exploit the issue over a network-adjacent path without user interaction to achieve high impact on confidentiality, integrity, and availability. Public references include proof-of-concept material for arbitrary code execution on Android devices and a detailed write-up of compromising a Pixel phone via the driver.

Arm has published security updates and driver patches through its Mali GPU Driver Vulnerabilities page and general security-update portal; practitioners should apply the latest vendor-supplied GPU kernel modules for the affected IP revisions.

The EPSS score reached a peak of 0.8659 in December 2024 before receding to the current value of 0.2455, indicating notable post-disclosure exploitation interest. Real-world artifacts such as Packet Storm exploits and a Google Security Lab analysis further document practical attack paths.

EU & UK References

Vulnerability details

The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.

CWE(s)
KEV Date Added
30 March 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

arm
bifrost gpu kernel driver
r39p0 · r0p0 — r38p1
arm
midgard gpu kernel driver
r4p0 — r31p0
arm
valhall gpu kernel driver
r39p0 · r19p0 — r38p1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces memory protections that block use-after-free access to GPU memory regions by unprivileged processes.

prevent

Enforces access checks on GPU driver memory operations so low-privileged users cannot reference already-freed buffers.

prevent

Requires prompt application of vendor patches that correct the Mali GPU driver's mishandling of freed memory.

References