VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 11, 2023· Updated Feb 11, 2025

CVE-2022-46396

CVE-2022-46396

Description

An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer over-read vulnerability in Arm Mali GPU kernel driver allows non-privileged users to access limited out-of-bounds memory, affecting Valhall and Avalon GPUs.

Vulnerability

An issue in the Arm Mali Kernel Driver allows a non-privileged user to perform improper GPU memory processing operations, resulting in a limited out-of-bounds memory access. This affects Valhall GPU driver versions r29p0 through r41p0 and Avalon GPU driver version r41p0, with the fix included in r42p0 [1].

Exploitation

An attacker requires local non-privileged access to the system. By triggering specific GPU memory processing operations (likely via IOCTL calls or GPU command submissions), the attacker can read a small amount of memory outside the intended buffer bounds. No additional user interaction is needed beyond executing the exploit [1].

Impact

Successful exploitation enables the attacker to read a limited amount of out-of-bounds memory, leading to information disclosure. The vulnerability does not directly provide code execution or privilege escalation [1].

Mitigation

Arm has released driver version r42p0 which resolves the issue. Users should update to r42p0 or later. No workarounds are documented, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities catalog as of the publication date [1].

References
  1. Arm Product Security Center

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Arm/Mali Kernel Driverdescription
  • Arm/Mali GPU kernel driverllm-fuzzy
    Range: Valhall r29p0 through r41p0 before r42p0, Avalon r41p0 before r42p0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.