CVE-2022-38181
Published: 25 October 2022
Summary
CVE-2022-38181 is a high-severity Use After Free (CWE-416) vulnerability in the Arm Bifrost GPU Kernel Driver. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 3.8% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability is a use-after-free flaw (CWE-416) in the Arm Mali GPU kernel driver, where GPU memory operations are mishandled and allow unprivileged users to access freed memory. It affects Bifrost GPUs (r0p0–r38p1 and r39p0), Valhall GPUs (r19p0–r38p1 and r39p0), and Midgard GPUs (r4p0–r32p0).
An attacker with low privileges can exploit the issue over a network-adjacent path without user interaction to achieve high impact on confidentiality, integrity, and availability. Public references include proof-of-concept material for arbitrary code execution on Android devices and a detailed write-up of compromising a Pixel phone via the driver.
Arm has published security updates and driver patches through its Mali GPU Driver Vulnerabilities page and general security-update portal; practitioners should apply the latest vendor-supplied GPU kernel modules for the affected IP revisions.
The EPSS score reached a peak of 0.8659 in December 2024 before receding to the current value of 0.2455, indicating notable post-disclosure exploitation interest. Real-world artifacts such as Packet Storm exploits and a Google Security Lab analysis further document practical attack paths.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-40775
Vulnerability details
The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost r0p0 through r38p1, and r39p0; Valhall r19p0 through r38p1, and r39p0; and Midgard r4p0 through r32p0.
- CWE(s)
- KEV Date Added: 30 March 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly enforces memory protections that block use-after-free access to GPU memory regions by unprivileged processes.
Enforces access checks on GPU driver memory operations so low-privileged users cannot reference already-freed buffers.
Requires prompt application of vendor patches that correct the Mali GPU driver's mishandling of freed memory.