CVE-2022-41757
Description
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in the Arm Mali GPU Kernel Driver lets a non-privileged user write to read-only memory or access freed memory, impacting Valhall r29p0–r38p1 and r39p0 before r40p0.
Vulnerability
The Arm Mali GPU Kernel Driver contains an improper GPU processing operations flaw, CVE-2022-41757, which allows a non-privileged user to gain write access to read-only memory or access already freed memory. This affects Valhall GPU kernel driver versions r29p0 through r38p1 (fixed in r38p2) and r39p0 before r40p0 [1].
Exploitation
An attacker must have non-privileged user access to the device. The attacker then performs a sequence of improper GPU processing operations that trigger the kernel driver to incorrectly handle memory permissions or memory lifecycle, bypassing normal access controls [1].
Impact
Successful exploitation enables the attacker to write to memory regions that should be read-only, or to access freed memory. This could lead to privilege escalation, information disclosure, or arbitrary code execution at the kernel level, depending on the specific memory corruption achieved [1].
Mitigation
Users should update to Valhall r38p2 or r40p0 respectively, which contain the fix. No workarounds are documented. If the device is End-of-Life and cannot be updated, it remains vulnerable [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Arm/Mali GPU Kernel Driverdescription
- Range: Valhall r29p0 through r38p1 before r38p2, r39p0 before r40p0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.