All the vulnerabilites related to arm - midgard
Vulnerability from fkie_nvd
Published
2022-09-01 03:15
Modified
2024-11-21 07:13
Severity ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD7EB73-4B3E-4EE2-B052-325045586D41",
"versionEndIncluding": "r38p0",
"versionStartIncluding": "r0p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:bifrost:r39p0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF0F1B3-6279-4292-A563-CCF95F11D4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9030A164-5DE3-43C0-B910-419ED8E42EBA",
"versionEndIncluding": "r32p0",
"versionStartIncluding": "r4p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60010D61-2815-4F60-9334-69D6D83CDBCD",
"versionEndIncluding": "r38p0",
"versionStartIncluding": "r19p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall:r39p0:*:*:*:*:*:*:*",
"matchCriteriaId": "641BFF30-6C63-4075-984E-873E8968A46F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
},
{
"lang": "es",
"value": "Se ha detectado un problema en el controlador del kernel de la GPU Arm Mali. Un usuario no privilegiado puede realizar operaciones inapropiadas de procesamiento de la GPU para conseguir acceso a la memoria ya liberada, escribir una cantidad limitada fuera de l\u00edmites del b\u00fafer o divulgar detalles de las asignaciones de memoria. Esto afecta a Midgard versiones r4p0 hasta r32p0, Bifrost versiones r0p0 hasta r38p0 y r39p0 anteriores a r38p1, y Valhall versiones r19p0 hasta r38p0 y r39p0 anteriores a r38p1"
}
],
"id": "CVE-2022-36449",
"lastModified": "2024-11-21T07:13:02.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-01T03:15:16.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-03 15:15
Modified
2024-11-21 06:47
Severity ?
Summary
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
References
{
"cisaActionDue": "2023-04-20",
"cisaExploitAdd": "2023-03-30",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Driver Unspecified Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "856BC87E-52EC-462F-A79C-107D0DB3B424",
"versionEndExcluding": "r36p0",
"versionStartIncluding": "r0p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A48CB88-81A5-4A6C-9B56-1BACC8A23726",
"versionEndIncluding": "r31p0",
"versionStartIncluding": "r26p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "397B1C5E-687A-43CF-8DD7-5706ACFE75DA",
"versionEndExcluding": "r36p0",
"versionStartIncluding": "r19p0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
},
{
"lang": "es",
"value": "El controlador del kernel de la GPU Arm Mali permite a un usuario sin privilegios conseguir acceso de escritura a p\u00e1ginas de memoria de s\u00f3lo lectura. Esto afecta a Midgard r26p0 hasta r31p0, Bifrost r0p0 hasta r35p0, y Valhall r19p0 hasta r35p0"
}
],
"id": "CVE-2022-22706",
"lastModified": "2024-11-21T06:47:17.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-03T15:15:08.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-06 16:15
Modified
2024-11-21 07:50
Severity ?
Summary
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | avalon_gpu_kernel_driver | * | |
| arm | bifrost_gpu_kernel_driver | * | |
| arm | midgard | * | |
| arm | valhall_gpu_kernel_driver | * |
{
"cisaActionDue": "2023-04-28",
"cisaExploitAdd": "2023-04-07",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Driver Information Disclosure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:avalon_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC01AB-58F9-4F1F-AC20-9439589365ED",
"versionEndExcluding": "r43p0",
"versionStartIncluding": "r41p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7205027-9AE7-4095-B0A7-B1ECA71ACCAE",
"versionEndExcluding": "r43p0",
"versionStartIncluding": "r0p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD1423A-4F6C-4A25-8D64-07AEB3ED4104",
"versionEndIncluding": "r32p0",
"versionStartIncluding": "r6p0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38BF4620-6A5C-4034-8D17-BC1AC5F8C711",
"versionEndExcluding": "r43p0",
"versionStartIncluding": "r19p0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata."
}
],
"id": "CVE-2023-26083",
"lastModified": "2024-11-21T07:50:44.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-06T16:15:07.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2023033049"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vulnerabilities/74210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2023033049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cybersecurity-help.cz/vulnerabilities/74210/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-24 18:15
Modified
2024-11-21 06:00
Severity ?
Summary
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
References
{
"cisaActionDue": "2023-07-28",
"cisaExploitAdd": "2023-07-07",
"cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7B47A9-86B1-46B5-8F83-6409B6CD895C",
"versionEndExcluding": "r30p0-01eac0",
"versionStartIncluding": "r16p0-01eac0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4EF1AF-F341-439F-A5BF-A4424D0E2F14",
"versionEndIncluding": "r30p0-01eac0",
"versionStartIncluding": "r28p0-01eac0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B6A9F2-3304-429C-9339-6C16A5834521",
"versionEndExcluding": "r30p0-01eac0",
"versionStartIncluding": "r19p0-01eac0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
},
{
"lang": "es",
"value": "El controlador del kernel de la GPU Arm Mali, permite a un usuario no privilegiado acceder a la memoria liberada, conllevando a una divulgaci\u00f3n de informaci\u00f3n o una escalada de privilegios de root.\u0026#xa0;Esto afecta a Bifrost versiones r16p0 hasta r29p0 anteriores a r30p0, Valhall r19p0 hasta r29p0 anteriores a r30p0 y Midgard versiones r28p0 hasta r30p0"
}
],
"id": "CVE-2021-29256",
"lastModified": "2024-11-21T06:00:53.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-24T18:15:08.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-22706
Vulnerability from cvelistv5
Published
2022-03-03 14:27
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.arm.com/support/arm-security-updates | x_refsource_MISC | |
| https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T13:58:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-22706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through r31p0, Bifrost r0p0 through r35p0, and Valhall r19p0 through r35p0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"name": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22706",
"datePublished": "2022-03-03T14:27:54",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-03T03:21:49.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26083
Vulnerability from cvelistv5
Published
2023-04-06 00:00
Modified
2024-08-02 11:39
Severity ?
EPSS score ?
Summary
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cybersecurity-help.cz/vdb/SB2023033049"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cybersecurity-help.cz/vulnerabilities/74210/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"url": "https://www.cybersecurity-help.cz/vdb/SB2023033049"
},
{
"url": "https://www.cybersecurity-help.cz/vulnerabilities/74210/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26083",
"datePublished": "2023-04-06T00:00:00",
"dateReserved": "2023-02-20T00:00:00",
"dateUpdated": "2024-08-02T11:39:06.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4211
Vulnerability from cvelistv5
Published
2023-10-01 17:00
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.
References
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Arm Ltd | Midgard GPU Kernel Driver |
Version: r12p0 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Midgard GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r32p0",
"status": "affected",
"version": "r12p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Bifrost GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r0p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Valhall GPU Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r19p0",
"versionType": "patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Arm 5th Gen GPU Architecture Kernel Driver",
"vendor": "Arm Ltd",
"versions": [
{
"lessThanOrEqual": "r42p0",
"status": "affected",
"version": "r41p0",
"versionType": "patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Maddie Stone, Google Threat Analysis Group "
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jann Horn, Google Project Zero"
}
],
"datePublic": "2023-10-01T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\u003c/p\u003e"
}
],
"value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T16:35:12.961Z",
"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"shortName": "Arm"
},
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "arm-security@arm.com",
"ID": "CVE-2023-4211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mali GPU Kernel Driver",
"version": {
"version_data": [
{
"version_value": "Midgard GPU Kernel Driver"
}
]
}
}
]
},
"vendor_name": "Arm Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "5.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"refsource": "MISC",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
"assignerShortName": "Arm",
"cveId": "CVE-2023-4211",
"datePublished": "2023-10-01T17:00:27.113Z",
"dateReserved": "2023-08-07T15:24:51.156Z",
"dateUpdated": "2024-08-02T07:17:12.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-29256
Vulnerability from cvelistv5
Published
2021-05-24 17:56
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
. The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T17:56:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ". The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver",
"refsource": "CONFIRM",
"url": "https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29256",
"datePublished": "2021-05-24T17:56:27",
"dateReserved": "2021-03-26T00:00:00",
"dateUpdated": "2024-08-03T22:02:51.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36449
Vulnerability from cvelistv5
Published
2022-09-01 02:50
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:33.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T15:06:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"refsource": "MISC",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"name": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168432/Arm-Mali-Physical-Address-Exposure.html"
},
{
"name": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168431/Arm-Mali-Released-Buffer-Use-After-Free.html"
},
{
"name": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168434/Arm-Mali-CSF-Missing-Buffer-Size-Check.html"
},
{
"name": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168433/Arm-Mali-Race-Condition.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36449",
"datePublished": "2022-09-01T02:50:37",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:33.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}